new parameter: "secure include"
CAE Samba Admin
caesmb at lab2.cc.wmich.edu
Thu Jun 10 18:45:53 GMT 1999
On Thu, 10 Jun 1999, David Collier-Brown wrote:
>CAE Samba Admin wrote:
>> 1. root must own the file
>> 2. the file must not be group writable
>> 3. the file must not be world writable
>
> Ditto the enclosing directories, up to the root must
> be secure against my renaming the real directory and
> shoving my version into place. The usual shortcut is
> to do only the lowest-level directory, as if it's right
> the others usually are.
I understand the the loophole, but want to clarify the
fix/shortcut (sorry, I'm not the most experianced unix programmer).
If the actualy config file (not the symlink) is:
/usr/local/samba/lib/smb_globals-dept.conf
Then I should ensure that /usr/local/samba/lib meets the three
conditions as well. Also, it is accepted that checking this directory
alone (not everything before it) is secure?
Thanks,
Kevin
More information about the samba-technical
mailing list