Permissions on private directory.
Steve Langasek
vorlon at netexpress.net
Mon Apr 9 16:20:02 GMT 2001
On Mon, 9 Apr 2001, Andrew Bartlett wrote:
> I was doing some work attempting to fixup the RPM spec files, and I was
> wondering what the correct permissions for privatedir are? (ie
> /etc/samba/private for an rpm install).
> The below patch sets them to 700 in the main Makefile, and this is what
> they are set to in the spec file. Is this correct? The reason I ask is
> that 'MACHINE.SID' is created in this directory with world readable
> permissions. Do I break things making the dir mode 700?
I'm personally a bit fuzzy on why we need a 'privatedir' in any case. None of
the systems I run Samba on have filesystem semantics that would require a
separate directory; smbpasswd is only a little more sensitive than my shadow
password file, and I've never been bitten by having that in /etc.
Unless someone can explain /why/ we need a separate private directory for
smbpasswd when Samba already diligently enforces access controls on that file,
I would argue that privatedir=configdir should be the standard behavior in
rpm/deb packages (as it has been for some time in the vendor-supplied binary
packages).
Steve Langasek
postmodern programmer
More information about the samba-technical
mailing list