jra at samba.org
Tue May 2 12:22:31 GMT 2006
On Tue, May 02, 2006 at 12:47:04AM -0700, Bob Walters wrote:
> Thanks Volker and Mark, both of your solutions worked, thus far setting just
> /var/db/samba to 700 is sufficient, it then also sets most of the
> permissions of the tdb files in /var/lock accordingly as 700.
> Does it matter in my scenario if regular users can access (as 644)
> brlock.tdb, sessionid.tdb, or unexpected.tdb? I'm not certain if that would
> give away any valuable information, but was considering making /var/run
> restricted as well? (probably a crazy idea, but I'm thinking about it) If it
> doesn't mess up samba, I'll probably go for it.
Regular users don't need to access these files - if you want to
disable smbstatus that's the only user-readable utility that
needs access to that directory.
More information about the samba-technical