[Samba] Winbind local idmap/cache database security concerns

Shawn Iverson shawn at nccsc.k12.in.us
Tue Jan 20 15:24:03 GMT 2004

I am currently working on implementing unified logons between linux and win
computers on an NT4 domain.  I have a samba test server with winbind working
properly.  All is going well, except that I am concerned about the winbind
idmap database stored on the local linux workstations.  My current
understanding of winbind is that it must be on every machine, unless a
winbind samba ldap backend/pam_smb combination is used.  However, with the
latter, all the features that winbind supports are lost since winbind is not
running on the local machine (such as changing one's password), so I currently
see no other way of implementing winbind.

What will keep a user from reading /var/cache/samba/winbind_cache.tdb and
winbind_idmap.tdb?  I know that the owner is root and that each has the
permissions 0600 (idmap had 0644, but I changed it to 0600).  Despite that,
isn't it easy enough for a user to crack the filesystem and gain access to
these databases if he/she so wished?  I am especially concerned about this
because the cache and idmap contain information on what users and groups
exist on the network and who belongs to what group.  Is this not a potential
security concern?  For example, if a user gained access to these databases,
they could identify all domain administrator accounts, correct?

Perhaps there is a way to implement winbind so as to not have the cache and
idmaps stored locally and still retain winbind's functionality.  If anyone
knows how I would be very interested.

Shawn Iverson
Technology Associate
New Castle Community School Corporation
shawn at nccsc.k12.in.us
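A small permission audit for the two tdb files the post names, added here as an example and not part of the original message or of Samba itself. The file paths come from the post; the expected owner defaults to root but can be overridden through the WINBIND_OWNER variable, and `stat -c` assumes GNU coreutils (BSD stat uses different flags).

```shell
#!/bin/sh
# Audit winbind's local tdb files: each must be owned by $WINBIND_OWNER
# (root on a real host) with mode 0600, as the post sets them.

# Expected owner; overridable so the check can be exercised as a non-root user.
: "${WINBIND_OWNER:=root}"

# check_tdb_perms PATH
# Prints a one-line verdict; returns 0 only when owner and mode are as expected.
check_tdb_perms() {
    f=$1
    if [ ! -e "$f" ]; then
        echo "MISSING  $f"
        return 1
    fi
    # GNU stat: %U = owner name, %a = octal mode without leading zeros
    # (setuid/setgid/sticky would show as a 4-digit value and fail the check).
    owner=$(stat -c '%U' "$f")
    mode=$(stat -c '%a' "$f")
    if [ "$owner" != "$WINBIND_OWNER" ] || [ "$mode" != "600" ]; then
        echo "WEAK     $f (owner=$owner mode=$mode; want $WINBIND_OWNER 600)"
        return 1
    fi
    echo "OK       $f"
    return 0
}

# audit_winbind_tdb PATH...
# Checks every path given; returns 1 if any file is missing or too permissive.
audit_winbind_tdb() {
    rc=0
    for f in "$@"; do
        check_tdb_perms "$f" || rc=1
    done
    return $rc
}

# When run as a script (not sourced), audit the paths named in the post.
case "$0" in
    *winbind_tdb_audit.sh)
        audit_winbind_tdb /var/cache/samba/winbind_cache.tdb \
                          /var/cache/samba/winbind_idmap.tdb
        ;;
esac
```

Save it as winbind_tdb_audit.sh and run it as root on each workstation; a non-zero exit means at least one file is readable by others or is missing.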
