Permissions on private directory.

David Lee T.D.Lee at durham.ac.uk
Mon Apr 9 16:36:59 GMT 2001


On Mon, 9 Apr 2001, Steve Langasek wrote:

> I'm personally a bit fuzzy on why we need a 'privatedir' in any case.  None of
> the systems I run Samba on have filesystem semantics that would require a
> separate directory; smbpasswd is only a little more sensitive than my shadow
> password file, and I've never been bitten by having that in /etc.
> 
> Unless someone can explain /why/ we need a separate private directory for
> smbpasswd when Samba already diligently enforces access controls on that file,
> I would argue that privatedir=configdir should be the standard behavior in
> rpm/deb packages (as it has been for some time in the vendor-supplied binary
> packages).

Responding with example (rather than principle)...

On Solaris (and completely unrelated to samba), the "passwd.adjunct" file,
if any, is in a separate subdirectory "security" (although "shadow", if
any, is in the main directory.  So that's one example of a UNIX vendor
using a subdirectory for the files that contain encrypted passwords.

(I make no claim to understand why this is so, nor what the differences
are between the "passwd.adjunct" and "shadow" mechanisms.  Enlightenment,
probably off-list, would be welcome, including for single-system use and
multi-system (e.g. NIS) use.) 


-- 

:  David Lee                                I.T. Service          :
:  Systems Programmer                       Computer Centre       :
:                                           University of Durham  :
:  http://www.dur.ac.uk/t.d.lee/            South Road            :
:                                           Durham                :
:  Phone: +44 191 374 2882                  U.K.                  :





More information about the samba-technical mailing list