URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc

Luke Kenneth Casson Leighton lkcl at samba.org
Tue Dec 21 17:55:02 GMT 1999


On Mon, 20 Dec 1999, Michael H. Warfield wrote:

> 	Ok...  I just started parsing through this tempest in a teapot.
> 
> 	Luke...  Please consult with others before yelling "fire in the
> hole".

sorry.  i know, i should know better.

>  Even I do that...  I haven't been in the office the last couple of
> days, but I'm a phone call or an E-Mail away.
> 
> On Tue, Dec 21, 1999 at 09:16:47AM +1100, Luke Kenneth Casson Leighton wrote:
> 
> > i know what damage can be done with those .mac files.  you can anonymously
> > use them to obtain remote SAM databases.
> 
> > it scares me that people might not realise this, and think it's ok to
> > change the permissions on them, or edit them.
> 
> 	Why would they do that and why would you assume that any more than
> any other directory?  After all /etc/shadow is there along with numerous
> other critical files that people are not supposed to edit or view (like
> sudoers, ipsec.secrets, ssh_host_key, at.deny, ftpaccess, securetty, etc,
> etc, etc).

root manually editing the smbpasswd file, a umask that allows a saved file
to have read permissions set to more than owner, file is being saved
temporarily as smbpasswd.new, then copied to smbpasswd after backing up
the old one.
 
and yes, the rest of the message [i just cut it] negates this reason.
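
The save sequence described in the reply above (new contents written to smbpasswd.new under the editor's umask, old file backed up, new file copied into place), shown beside an owner-only replacement and a permission audit. This is an added example, not part of the original message or of Samba; the function names and placeholder contents are hypothetical, and it works only in a scratch directory, never in /etc.

```shell
#!/bin/sh
# Added example. Function names and file contents are constructed.

# Save the way the message describes: write FILE.new under the caller's
# umask, back up the old file, then copy the new one into place.
naive_save() {  # $1 = target file, $2 = new contents
    printf '%s\n' "$2" > "$1.new"
    if [ -f "$1" ]; then cp "$1" "$1.bak"; fi
    cp "$1.new" "$1"
}

# Hardened save: the temp file is created owner-only in the same directory
# and renamed over the target, so the new contents are never readable by others.
safe_save() {  # $1 = target file, $2 = new contents
    (
        umask 077
        tmp=$(mktemp "$1.XXXXXX") || exit 1
        printf '%s\n' "$2" > "$tmp"
        mv -f "$tmp" "$1"
    )
}

# Audit: print files under a directory that are group- or world-readable.
loose_files() {  # $1 = directory
    find "$1" -type f \( -perm -040 -o -perm -004 \)
}

# Constructed demo in a scratch directory.
(
    d=$(mktemp -d) || exit 1
    umask 022
    naive_save "$d/smbpasswd" "constructed-placeholder-entry"
    echo "readable after naive save:"; loose_files "$d"
    rm -f "$d"/smbpasswd*
    safe_save "$d/smbpasswd" "constructed-placeholder-entry"
    echo "readable after safe save:"; loose_files "$d"
    rm -rf "$d"
)
```

With a umask of 022 the naive sequence leaves both smbpasswd.new and smbpasswd readable by group and other; the audit function lists them.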


