[Samba] Samba keeps resetting smbpasswd permissions

[Martin v. Wittich]

Gerald (Jerry) Carter wrote:
> Sure.  Add a permission mode define to local.h and let
> it be changed there at compile time.  I don't think there is enough pent
> up demand to make this a run-time parameter. That's all I'm saying.

Maybe all other people that had this problem just bit the bullet and ran
their apps as root, or used workarounds like a cronjob that would make a
daily copy of the smbpasswd file? ;)

As far as I know there are no other applications that enforce hard-coded
permissions on their files; for example OpenSSH and sendmail just print
error messages like "permissions too open" or "cannot open <file>: world
writable directory" and let root decide. I think that is a better way to
handle permissions - although these programs in fact know that the
permissions are broken, they won't touch them. Samba changes the
permissions even when they're not broken.

With the current configuration, there's unfortunately just no simple way
to use the smbpasswd file as a back-end for other applications; in the
case of FreeRADIUS I have to use smbpasswd because the MSCHAPv2 protocol
that is used for authentication is incompatible to the /etc/passwd hashes.
Having to recompile Samba would also be an unfortunate solution because
we would have to deploy Samba as a custom package to >300 servers -
forcing us to maintain the package for every security update that is yet
to come.

Martin v. Wittich