Best choice for ntlm_auth's access to winbindd_privileged directory

Andrew Bartlett abartlet at
Thu Sep 14 21:46:33 GMT 2006

On Thu, 2006-09-14 at 20:50 +0400, Dmitry Butskoy wrote:
> According to nltm_auth(1) man page,
> > Some  of  these  commands  also  require  access  to the directory win-
> > bindd_privileged in $LOCKDIR. This should be  done  either  by  running
> > this  command  as root or providing group access to the winbindd_privi-
> > leged directory. For security reasons, this  directory  should  not  be
> > world-accessable.
> As a rpm packager (for mod_ntlm_winbind under Fedora Extras) I'm trying 
> to find some solution to avoid the need of manual permission changes 
> after the install. In other words, to write some post-install scripts 
> for the package which do this job automatically.

> My question is:
> For security reasons, just the directory should not be world-accessable, 
> or even ntlm_auth binary itself should not be world-accessable too? In 
> other words, is the setgid way security clean?

No, it is not.  The binary does not enforce any more security control
over the critical point (being able to specify the challenge) than the
raw socket does.

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Samba Developer, Red Hat Inc.        
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list