URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc
Steve Langasek
vorlon at netexpress.net
Tue Dec 21 20:04:30 GMT 1999
On Tue, 21 Dec 1999, Luke Kenneth Casson Leighton wrote:
> i know what damage can be done with those .mac files. you can anonymously
> use them to obtain remote SAM databases.
I do, too, which is why I would never think of making these files readable.
However, I don't think moving the files to a subdirectory is going to gain you
much more than a false sense of security.
> it scares me that people might not realise this, and think it's ok to
> change the permissions on them, or edit them.
I have a suggestion. If you want to make sure that administrators understand
that the files *must* be kept private, you could add an autogenerated comment
to the top of each file explaining this. In the case of the .mac files, this
may require a minor change to the way they're parsed, but smb.conf at least
supports /bin/sh-style (#) comments already. Any administrator I know who can
figure out how to compromise the permissions on a file also knows enough to
look at the file first to get at least *some* idea what it is.
This way, everyone has a little bit more information to work with (and
educating administrators whether they like it or not is always a good thing),
and you don't have to spend your time chasing down and arguing with all the
Samba packagers who disagree with your directory heirarchy.
-Steve Langasek
postmodern programmer
More information about the samba-technical
mailing list