[PATCH] Create a 'binddns dir' for files used by the bind_dlz module and named
Jeremy Allison
jra at samba.org
Thu Aug 24 00:18:28 UTC 2017
On Thu, Aug 24, 2017 at 11:48:27AM +1200, Andrew Bartlett via samba-technical wrote:
> On Thu, 2017-08-24 at 11:29 +1200, Andrew Bartlett via samba-technical
> wrote:
> > On Thu, 2017-08-24 at 08:38 +1200, Andrew Bartlett via samba-
> > technical
> > wrote:
> > > On Wed, 2017-08-23 at 16:27 +0200, Andreas Schneider via samba-
> > > technical wrote:
> > > > Hi,
> > > >
> > > > we have an issue that the files for bind are stored in the
> > > > private
> > > > directory.
> > > > Distributions package the private directory normally with 0700
> > > > permissions. So
> > > > 'named' of bind is not able to access the directory.
> > > >
> > > > We should have a separate directory where bind is allowed to
> > > > enter
> > > > for
> > > > security reasons!
> > > >
> > > > The attached patchset adds a 'binddns dir' parameter which
> > > > normally
> > > > ends up
> > > > with /var/lib/samba/bind-dns as the directory. The changes are
> > > > fully
> > > > backwards-compatible and the installation can be upgraded using
> > > > samba_upgradedns. Then the old files are removed!
> > > >
> > > >
> > > > We need this for Samba 4.7!
> > >
> > > I like it. Thanks for taking care not to break our upgrades.
> > >
> > > I'll review more carefully and push when I get to work.
> >
> > Reviewed-by: Andrew Bartlett <abartlet at samba.org>
> >
> > Pushed!
>
> This failed with:
>
> [2(6)/2192 at 0s] samba.tests.docs
> UNEXPECTED(failure):
> samba.tests.docs.samba.tests.docs.SmbDotConfTests.test_default_s3(none)
> REASON: Exception: Exception: Traceback (most recent call last):
> File
> "/memdisk/abartlet/a/b601740/samba/bin/python/samba/tests/docs.py",
> line 158, in test_default_s3
> self._test_default(['bin/testparm'])
> File
> "/memdisk/abartlet/a/b601740/samba/bin/python/samba/tests/docs.py",
> line 206, in _test_default
> "Parameters that do not have matching defaults:"))
> AssertionError: Parameters that do not have matching defaults:
>
> binddns dir
> Expected: /m/abartlet/a/b601740/prefix/samba/var/lib
> Got:
>
> Sorry,
Yeah, in patch #6 there also needs to be a:
$ git diff
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index d5b1c56e21e..42e579efcfd 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -550,6 +550,8 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
get_dyn_SMB_PASSWD_FILE());
lpcfg_string_set(Globals.ctx, &Globals.private_dir,
get_dyn_PRIVATE_DIR());
+ lpcfg_string_set(Globals.ctx, &Globals.binddns_dir,
+ get_dyn_BINDDNS_DIR());
/* use the new 'hash2' method by default, with a prefix of 1 */
lpcfg_string_set(Globals.ctx, &Globals.mangling_method, "hash2");
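Review bot: the added lpcfg_string_set(Globals.ctx, &Globals.binddns_dir, get_dyn_BINDDNS_DIR()) call in init_globals() should be checked against the documented default for 'binddns dir', because test_default_s3 compares the two. The quoted failure shows an expected path ending in var/lib and an empty value from bin/testparm, so if get_dyn_BINDDNS_DIR() resolves to a different path than the documentation states, the test will go from failing on an empty value to failing on a mismatch. It would also help to fold this hunk into patch #6 rather than land it as a follow-up, so that every commit in the series passes samba.tests.docs.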
added I think...