[PATCH] Create a 'binddns dir' for files used by the bind_dlz module and named
Andrew Bartlett
abartlet at samba.org
Wed Aug 23 23:29:39 UTC 2017
On Thu, 2017-08-24 at 08:38 +1200, Andrew Bartlett via samba-technical
wrote:
> On Wed, 2017-08-23 at 16:27 +0200, Andreas Schneider via samba-
> technical wrote:
> > Hi,
> >
> > we have an issue that the files for bind are stored in the private
> > directory.
> > Distributions package the private directory normally with 0700
> > permissions. So
> > 'named' of bind is not able to access the directory.
> >
> > We should have a seperate directory where bind is allowed to enter
> > for
> > security reasons!
> >
> > The attached patchset adds a 'binddns dir' parameter which normally
> > ends up
> > with /var/lib/samba/bind-dns as the directory. The changes are
> > fully
> > backwards-compatible and the installation can be upgraded using
> > samba_upgradedns. Then the old files are removed!
> >
> >
> > We need this for Samba 4.7!
>
> I like it. Thanks for taking care not to break our upgrades.
>
> I'll review more carefully and push when I get to work.
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Pushed!
Thanks,
Andrew Bartlett
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list