Permissions on private directory.
don_mccall at hp.com
Wed Apr 11 15:08:15 GMT 2001
Just my humble opinion, but working as a support engineer in a corporate
environment, I constantly hear frustrated administrators who WANT to run
samba on their HP-UX/*nix boxes, but are being blocked because the powers
be are concerned about -security-. Now, you and I know that samba is as
as you CONFIGURE it, and a damn site MORE secure than nfs, for example. But
I guess what I'm saying is, any option that strengthens samba's security
potential, is probably worth having just for that reason...
From: Steve Langasek [mailto:vorlon at netexpress.net]
Sent: Wednesday, April 11, 2001 10:18 AM
To: Jeremy Allison
Cc: Tim Potter; Andrew Bartlett; Multiple recipients of list
Subject: Re: Permissions on private directory.
On Wed, 11 Apr 2001, Jeremy Allison wrote:
> On Wed, Apr 11, 2001 at 04:19:51PM +1000, Tim Potter wrote:
> > Steve Langasek writes:
> > > > So if UNIX users can read these files then you could be in a bit
> > > > of security trouble.
> > > I don't dispute that the smbpasswd file and secrets.tdb need to
> > > be protected from non-root users; but many systems have shadow
> > > password files with hashes so weak that they're nearly
> > > plaintext equivalent, yet I've never heard anyone object that
> > > it's insecure to keep this file in the public /etc directory --
> > Good point. I can't think of a reason why this isn't the case.
> > Perhaps someone else knows some of the history of the privatedir
> > stuff.
> Complete paranoia by me :-). Having a samba private directory
> isn't such a bad idea in the long run you know.
Then I'll ask for your opinion on this: does the paranoia outweigh concerns
backwards-compatibility with OSes who've already chosen to use /etc as the
privatedir? That's the question here, since we're talking about
of RPM packages.
Note for comparison that Debian already puts all Samba configfiles
and privatedir) in /etc/samba/. What are the long-term advantages of having
samba private directory, beyond keeping the filesystem clean?
More information about the samba-technical