Permissions on private directory.

Steve Langasek vorlon at
Wed Apr 11 14:17:44 GMT 2001

On Wed, 11 Apr 2001, Jeremy Allison wrote:

> On Wed, Apr 11, 2001 at 04:19:51PM +1000, Tim Potter wrote:
> > Steve Langasek writes:

> > > > So if UNIX users can read these files then you could be in a bit
> > > > of security trouble.

> > > I don't dispute that the smbpasswd file and secrets.tdb need to
> > > be protected from non-root users; but many systems have shadow
> > > password files with hashes so weak that they're nearly
> > > plaintext equivalent, yet I've never heard anyone object that
> > > it's insecure to keep this file in the public /etc directory --

> > Good point.  I can't think of a reason why this isn't the case.
> > Perhaps someone else knows some of the history of the privatedir
> > stuff.

> Complete paranoia by me :-). Having a samba private directory
> isn't such a bad idea in the long run you know.

Then I'll ask for your opinion on this: does the paranoia outweigh concerns of
backwards-compatibility with OSes who've already chosen to use /etc as the
privatedir?  That's the question here, since we're talking about configuration
of RPM packages.

Note for comparison that Debian already puts all Samba configfiles (configdir
and privatedir) in /etc/samba/.  What are the long-term advantages of having a
samba private directory, beyond keeping the filesystem clean?

Steve Langasek
postmodern programmer

More information about the samba-technical mailing list