svn commit: samba r19383 - in
branches/SAMBA_4_0/services/samba: .
Andrew Bartlett
abartlet at samba.org
Wed Oct 18 13:22:48 GMT 2006
On Wed, 2006-10-18 at 09:00 -0400, derrell at samba.org wrote:
> Andrew Bartlett <abartlet at samba.org> writes:
>
> > On Wed, 2006-10-18 at 00:29 +0000, derrell at samba.org wrote:
> >> Author: derrell
> >> Date: 2006-10-18 00:29:26 +0000 (Wed, 18 Oct 2006)
> >> New Revision: 19383
> >>
> >> WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19383
> >>
> >> Log:
> >> pass only the base filename of an ldb file to be opened; allow server to prepend path where it's located (private_dir)
> >> Modified:
> >> branches/SAMBA_4_0/services/samba/ldb.esp
> >>
> >
> > I'm a bit worried about the idea that a web client can specify a file to
> > open on the server. Can't we have a hard-coded list instead?
> >
> > A number of databases do not have explicit access control, as they are
> > file-permissions are restricted to root, and are only used internally.
>
> Once I put in an authentication function, you'll have only the same access
> that you already have using the ejs interface with smbscript.
The problem is that this is remote access.
> That should
> mitigate your concern. Also, I assume (erroneously?) that smbd runs as a
> non-root user except when it needs to be root, so the web server wouldn't have
> access to permissions-protected files anyway. Is that an invalid assumption?
That, unfortunately is an incorrect assumption for the way SWAT is
currently setup.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20061018/1088974f/attachment.bin
More information about the samba-technical
mailing list