svn commit: samba r19383 - in branches/SAMBA_4_0/services/samba: .

derrell at derrell at
Wed Oct 18 13:00:44 GMT 2006

Andrew Bartlett <abartlet at> writes:

> On Wed, 2006-10-18 at 00:29 +0000, derrell at wrote:
>> Author: derrell
>> Date: 2006-10-18 00:29:26 +0000 (Wed, 18 Oct 2006)
>> New Revision: 19383
>> WebSVN:
>> Log:
>> pass only the base filename of an ldb file to be opened; allow server to prepend path where it's located (private_dir)
>> Modified:
>>    branches/SAMBA_4_0/services/samba/ldb.esp
> I'm a bit worried about the idea that a web client can specify a file to
> open on the server.  Can't we have a hard-coded list instead?
> A number of databases do not have explicit access control, as they are
> file-permissions are restricted to root, and are only used internally.  

Once I put in an authentication function, you'll have only the same access
that you already have using the ejs interface with smbscript.  That should
mitigate your concern.  Also, I assume (erroneously?) that smbd runs as a
non-root user except when it needs to be root, so the web server wouldn't have
access to permissions-protected files anyway.  Is that an invalid assumption?


More information about the samba-technical mailing list