svn commit: samba r19383 - in
branches/SAMBA_4_0/services/samba: .
derrell at samba.org
derrell at samba.org
Wed Oct 18 13:00:44 GMT 2006
Andrew Bartlett <abartlet at samba.org> writes:
> On Wed, 2006-10-18 at 00:29 +0000, derrell at samba.org wrote:
>> Author: derrell
>> Date: 2006-10-18 00:29:26 +0000 (Wed, 18 Oct 2006)
>> New Revision: 19383
>>
>> WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19383
>>
>> Log:
>> pass only the base filename of an ldb file to be opened; allow server to prepend path where it's located (private_dir)
>> Modified:
>> branches/SAMBA_4_0/services/samba/ldb.esp
>>
>
> I'm a bit worried about the idea that a web client can specify a file to
> open on the server. Can't we have a hard-coded list instead?
>
> A number of databases do not have explicit access control, as they are
> file-permissions are restricted to root, and are only used internally.
Once I put in an authentication function, you'll have only the same access
that you already have using the ejs interface with smbscript. That should
mitigate your concern. Also, I assume (erroneously?) that smbd runs as a
non-root user except when it needs to be root, so the web server wouldn't have
access to permissions-protected files anyway. Is that an invalid assumption?
Derrell
More information about the samba-technical
mailing list