[PATCH] passdb.tdb is located in the private directory

simo idra at samba.org
Mon Dec 24 14:19:15 GMT 2007


On Mon, 2007-12-24 at 09:16 -0500, simo wrote:
> On Mon, 2007-12-24 at 14:12 +0100, Volker Lendecke wrote:
> > Jerry, as part of d6cdbfd87 the default location of passdb.tdb has changed from
> > the private directory to the state directory. I think because passdb.tdb holds
> > the password hashes, it is reasonable to keep this next to the smbpasswd file.
> > 
> > Please review and potentially push.
> 
> +1
> 
> Not much because it should stay near smbpasswd, but more because the
> private directory is not accessible by normal users, just root, and gives
> additional protection against potential misconfiguration of the file's
> permission.
> 
> Just looking right now in my Fedora installation I have it in
> /var/lib/samba/private 700 and it contains passdb.tdb, secrets.tdb and
> smbpasswd. passdb.tdb is 644 in this installation, but it is ok as the
> parent dir itself restricts non-root user access.

Also I forgot to mention that having this stuff in a directory makes
it easier to correctly label files on creation with the right SELinux
policy (this was the main reason for putting them in private/ IIRC).

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Senior Software Engineer at Red Hat Inc. <ssorce at redhat.com>
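
The point made in the thread, that a 644 passdb.tdb is still shielded when its parent directory is 700, can be checked from mode bits alone. The following is an added example, not part of the original thread or of Samba's code; the function names, the temporary directory layout and the 755 mode assumed for a state directory are constructed for illustration, and ACLs and SELinux labels are not evaluated.

```python
import os
import stat
import tempfile


def world_readable(path, root):
    """True if mode bits alone let an unrelated local user read `path`.

    Requires o+r on the file and o+x (search) on every directory between
    `root` (exclusive) and the file. ACLs and SELinux are not considered.
    """
    path, root = os.path.realpath(path), os.path.realpath(root)
    if path == root or os.path.commonpath([path, root]) != root:
        raise ValueError("path is not below root")
    if not os.stat(path).st_mode & stat.S_IROTH:
        return False
    parent = os.path.dirname(path)
    while parent != root:
        if not os.stat(parent).st_mode & stat.S_IXOTH:
            return False  # a closed directory shields everything beneath it
        parent = os.path.dirname(parent)
    return True


def build_demo():
    """Constructed layouts under a temp dir: (directory mode, file mode)."""
    root = tempfile.mkdtemp()
    layouts = {
        "private": (0o700, 0o644),       # the Fedora layout from the thread
        "state": (0o755, 0o644),         # same file mode, open parent (assumed)
        "state_strict": (0o755, 0o600),  # open parent, file mode is the only guard
    }
    result = {}
    for name, (dir_mode, file_mode) in layouts.items():
        directory = os.path.join(root, name)
        os.mkdir(directory)
        tdb = os.path.join(directory, "passdb.tdb")
        with open(tdb, "wb") as fh:
            fh.write(b"constructed placeholder, not a real TDB")
        os.chmod(tdb, file_mode)
        os.chmod(directory, dir_mode)
        result[name] = world_readable(tdb, root)
    return result


if __name__ == "__main__":
    for name, exposed in build_demo().items():
        print(f"{name}: readable by other users = {exposed}")
```

On a real host, pass the actual passdb.tdb path and `/` as `root` so every ancestor directory is included in the walk.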


