Permissions on private directory.

Steve Langasek vorlon at
Mon Apr 9 16:20:02 GMT 2001

On Mon, 9 Apr 2001, Andrew Bartlett wrote:

> I was doing some work attempting to fixup the RPM spec files, and I was
> wondering what the correct permissions for privatedir are?  (ie
> /etc/samba/private for an rpm install).

> The below patch sets them to 700 in the main Makefile, and this is what
> they are set to in the spec file.  Is this correct?  The reason I ask is
> that 'MACHINE.SID' is created in this directory with world readable
> permissions.  Do I break things making the dir mode 700?

I'm personally a bit fuzzy on why we need a 'privatedir' in any case.  None of
the systems I run Samba on have filesystem semantics that would require a
separate directory; smbpasswd is only a little more sensitive than my shadow
password file, and I've never been bitten by having that in /etc.

Unless someone can explain /why/ we need a separate private directory for
smbpasswd when Samba already diligently enforces access controls on that file,
I would argue that privatedir=configdir should be the standard behavior in
rpm/deb packages (as it has been for some time in the vendor-supplied binary

Steve Langasek
postmodern programmer

More information about the samba-technical mailing list