svn commit: samba r19383 - in branches/SAMBA_4_0/services/samba: .

derrell at samba.org derrell at samba.org
Wed Oct 18 13:00:44 GMT 2006


Andrew Bartlett <abartlet at samba.org> writes:

> On Wed, 2006-10-18 at 00:29 +0000, derrell at samba.org wrote:
>> Author: derrell
>> Date: 2006-10-18 00:29:26 +0000 (Wed, 18 Oct 2006)
>> New Revision: 19383
>> 
>> WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19383
>> 
>> Log:
>> pass only the base filename of an ldb file to be opened; allow server to prepend path where it's located (private_dir)
>> Modified:
>>    branches/SAMBA_4_0/services/samba/ldb.esp
>> 
>
> I'm a bit worried about the idea that a web client can specify a file to
> open on the server.  Can't we have a hard-coded list instead?
>
> A number of databases do not have explicit access control, as their
> file permissions are restricted to root, and are only used internally.

Once I put in an authentication function, you'll have only the same access
that you already have using the ejs interface with smbscript.  That should
mitigate your concern.  Also, I assume (erroneously?) that smbd runs as a
non-root user except when it needs to be root, so the web server wouldn't have
access to permissions-protected files anyway.  Is that an invalid assumption?

Derrell
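
An added example, not part of the original thread and not Samba's `ldb.esp` code: one way a server-side handler could combine the commit's base-filename rule with the hard-coded list suggested in the quoted reply. The database names, the directory path and the function name `resolveLdbPath` are assumptions made for illustration.

```javascript
// Added example. The names and paths here are constructed, not taken from Samba.

// Hypothetical hard-coded list of databases the web interface may open.
const ALLOWED_LDB = new Set(['users.ldb', 'config.ldb']);

// A base filename only: no separators, no leading dot, must end in ".ldb".
// In JavaScript, "$" without the "m" flag matches only at end of input,
// so a trailing newline or NUL byte cannot slip through.
const BASENAME_RE = /^[A-Za-z0-9_-][A-Za-z0-9_.-]*\.ldb$/;

// Map a client-supplied name to a path under privateDir, or refuse.
function resolveLdbPath(privateDir, requested) {
  if (typeof requested !== 'string') {
    return { ok: false, reason: 'not a string' };
  }
  // Syntactic check first: reject anything that is not a plain base name.
  if (!BASENAME_RE.test(requested) || requested.includes('..')) {
    return { ok: false, reason: 'not a base filename' };
  }
  // Policy check second: even a well-formed name must be on the list,
  // so internal databases in the same directory stay unreachable.
  if (!ALLOWED_LDB.has(requested)) {
    return { ok: false, reason: 'not in allowlist' };
  }
  // The server, not the client, decides the directory.
  const dir = privateDir.replace(/\/+$/, '');
  return { ok: true, path: dir + '/' + requested };
}

// Constructed sample requests showing each outcome.
function demo() {
  const privateDir = '/srv/example/private/'; // constructed path
  const samples = ['users.ldb', '../secrets.ldb', 'sub/users.ldb',
                   '/etc/passwd', 'internal.ldb', 'users.ldb\u0000.txt'];
  return samples.map((name) => [name, resolveLdbPath(privateDir, name)]);
}

for (const [name, result] of demo()) {
  console.log(JSON.stringify(name), '->', JSON.stringify(result));
}
```

The two checks fail differently on purpose: a rejected base name indicates a malformed or hostile request, while an allowlist miss indicates a well-formed request for a database the web interface was never meant to expose.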

