Permissions on private directory.
Steve Langasek
vorlon at netexpress.net
Wed Apr 11 14:17:44 GMT 2001
On Wed, 11 Apr 2001, Jeremy Allison wrote:
> On Wed, Apr 11, 2001 at 04:19:51PM +1000, Tim Potter wrote:
> > Steve Langasek writes:
> > > > So if UNIX users can read these files then you could be in a bit
> > > > of security trouble.
> > > I don't dispute that the smbpasswd file and secrets.tdb need to
> > > be protected from non-root users; but many systems have shadow
> > > password files with hashes so weak that they're nearly
> > > plaintext equivalent, yet I've never heard anyone object that
> > > it's insecure to keep this file in the public /etc directory --
> > Good point. I can't think of a reason why this isn't the case.
> > Perhaps someone else knows some of the history of the privatedir
> > stuff.
> Complete paranoia by me :-). Having a samba private directory
> isn't such a bad idea in the long run you know.
Then I'll ask for your opinion on this: does the paranoia outweigh concerns of
backwards-compatibility with OSes who've already chosen to use /etc as the
privatedir? That's the question here, since we're talking about configuration
of RPM packages.
Note for comparison that Debian already puts all Samba configfiles (configdir
and privatedir) in /etc/samba/. What are the long-term advantages of having a
samba private directory, beyond keeping the filesystem clean?
Steve Langasek
postmodern programmer
More information about the samba-technical
mailing list