[PATCH] Create a 'binddns dir' for files used by the bind_dlz module and named
Andrew Bartlett
abartlet at samba.org
Wed Aug 23 23:48:27 UTC 2017
On Thu, 2017-08-24 at 11:29 +1200, Andrew Bartlett via samba-technical
wrote:
> On Thu, 2017-08-24 at 08:38 +1200, Andrew Bartlett via samba-
> technical
> wrote:
> > On Wed, 2017-08-23 at 16:27 +0200, Andreas Schneider via samba-
> > technical wrote:
> > > Hi,
> > >
> > > we have an issue that the files for bind are stored in the
> > > private
> > > directory.
> > > Distributions package the private directory normally with 0700
> > > permissions. So
> > > 'named' of bind is not able to access the directory.
> > >
> > > We should have a seperate directory where bind is allowed to
> > > enter
> > > for
> > > security reasons!
> > >
> > > The attached patchset adds a 'binddns dir' parameter which
> > > normally
> > > ends up
> > > with /var/lib/samba/bind-dns as the directory. The changes are
> > > fully
> > > backwards-compatible and the installation can be upgraded using
> > > samba_upgradedns. Then the old files are removed!
> > >
> > >
> > > We need this for Samba 4.7!
> >
> > I like it. Thanks for taking care not to break our upgrades.
> >
> > I'll review more carefully and push when I get to work.
>
> Reviewed-by: Andrew Bartlett <abartlet at samba.org>
>
> Pushed!
This failed with:
[2(6)/2192 at 0s] samba.tests.docs
UNEXPECTED(failure):
samba.tests.docs.samba.tests.docs.SmbDotConfTests.test_default_s3(none)
REASON: Exception: Exception: Traceback (most recent call last):
File
"/memdisk/abartlet/a/b601740/samba/bin/python/samba/tests/docs.py",
line 158, in test_default_s3
self._test_default(['bin/testparm'])
File
"/memdisk/abartlet/a/b601740/samba/bin/python/samba/tests/docs.py",
line 206, in _test_default
"Parameters that do not have matching defaults:"))
AssertionError: Parameters that do not have matching defaults:
binddns dir
Expected: /m/abartlet/a/b601740/prefix/samba/var/lib
Got:
Sorry,
Andrew Bartlett
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list