URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc

Steve Litt slitt at troubleshooters.com
Wed Dec 22 12:37:58 GMT 1999


Does anyone see problems with smb.conf being *read only* to non-admin
people, or to the general populace?

Steve Litt


At 07:06 AM 12/22/1999 +1100, Steve Langasek wrote:
>On Tue, 21 Dec 1999, Luke Kenneth Casson Leighton wrote:
>
>> i know what damage can be done with those .mac files.  you can anonymously
>> use them to obtain remote SAM databases.
>
>I do, too, which is why I would never think of making these files readable.
>However, I don't think moving the files to a subdirectory is going to gain you
>much more than a false sense of security.
>
>> it scares me that people might not realise this, and think it's ok to
>> change the permissions on them, or edit them.
>
>I have a suggestion.  If you want to make sure that administrators understand
>that the files *must* be kept private, you could add an autogenerated comment
>to the top of each file explaining this.  In the case of the .mac files, this
>may require a minor change to the way they're parsed, but smb.conf at least
>supports /bin/sh-style (#) comments already.  Any administrator I know who can
>figure out how to compromise the permissions on a file also knows enough to
>look at the file first to get at least *some* idea what it is.
>
>This way, everyone has a little bit more information to work with (and
>educating administrators whether they like it or not is always a good thing),
>and you don't have to spend your time chasing down and arguing with all the
>Samba packagers who disagree with your directory hierarchy.
>
>-Steve Langasek
>postmodern programmer
>
>
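The thread turns on one concrete check: which of Samba's files may be read by
non-root users. The script below is an added example, not code from the
original post or from the Samba project. It audits a directory for private
files (the `.mac` files discussed above, plus `smbpasswd`, which is assumed to
live alongside them) that are readable by group or other, while leaving
`smb.conf` unflagged, since the question of whether that file may be
world-readable is exactly what the post asks. The directory path, the file
names and the modes in the constructed sample are all assumptions for the
demonstration.

```python
import os
import stat
import sys
import tempfile
from pathlib import Path

# Assumption: these names identify the files that must stay private.
# The thread names the .mac files; smbpasswd is Samba's password database
# and is assumed to sit in the same directory.
PRIVATE_NAMES = ("smbpasswd",)
PRIVATE_SUFFIXES = (".mac",)


def is_private_file(path: Path) -> bool:
    """True if this file holds credentials and must not be readable by others."""
    return path.name in PRIVATE_NAMES or path.suffix in PRIVATE_SUFFIXES


def exposed_files(directory):
    """Return [(path, octal mode)] for private files readable by group or other.

    smb.conf and other non-private files are deliberately not reported here;
    whether smb.conf may be world-readable is the open question in the thread.
    """
    findings = []
    for p in sorted(Path(directory).iterdir()):
        if not p.is_file() or not is_private_file(p):
            continue
        mode = stat.S_IMODE(p.stat().st_mode)
        # Any read bit for group or other means a non-root account can copy
        # the file, which is the exposure described in the quoted message.
        if mode & (stat.S_IRGRP | stat.S_IROTH):
            findings.append((str(p), oct(mode)))
    return findings


def make_sample_dir():
    """Build a constructed directory that mimics the layout under discussion.

    The file names and modes are made up for this example; only the .mac file
    is given a permission that the audit should flag.
    """
    d = Path(tempfile.mkdtemp(prefix="samba-audit-"))
    samples = {
        "smb.conf": 0o644,            # configuration; not a private file
        "smbpasswd": 0o600,           # correctly restricted to the owner
        "WORKGROUP.HOST.mac": 0o644,  # constructed: wrongly readable by all
    }
    for name, mode in samples.items():
        f = d / name
        f.write_text("# constructed sample file\n")
        f.chmod(mode)
    return d


if __name__ == "__main__":
    # Audit the directory given on the command line, or the constructed
    # sample when run without arguments.
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else make_sample_dir()
    for path, mode in exposed_files(target):
        print(f"EXPOSED {mode} {path}")
```

Point it at the real Samba private directory on a host (for a Red Hat 6.1
install as reported at the top of this thread, that would be under `/etc`) to
list any credential file that a non-root login could read; an empty result is
the expected state.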



More information about the samba-technical mailing list