disable smbstatus?

Mark Proehl M.Proehl at science-computing.de
Tue May 2 13:11:00 GMT 2006


On Tue, May 02, 2006 at 05:22:31AM -0700, Jeremy Allison wrote:
> On Tue, May 02, 2006 at 12:47:04AM -0700, Bob Walters wrote:
> > Thanks Volker and Mark, both of your solutions worked, thus far setting just
> > /var/db/samba to 700 is sufficient, it then also sets most of the
> > permissions of the tdb files in /var/lock accordingly as 700.
> > 
> > Does it matter in my scenario if regular users can access (as 644)
> > brlock.tdb, sessionid.tdb, or unexpected.tdb? I'm not certain if that would
> > give away any valuable information, but was considering making /var/run
> > restricted as well? (probably a crazy idea, but I'm thinking about it) If it
> > doesn't mess up samba, I'll probably go for it.
> 
> Regular users don't need to access these files - if you want to
> disable smbstatus that's the only user-readable utility that
> needs access to that directory.
> 
> Jeremy.

chmod 0700 /var/lib/samba was a bad idea. testparm complains:

  WARNING: lock directory /var/lib/samba/ should have permissions 0755 for browsing to work

Mark



