[Samba] Samba 4 AD with Bind 9.9 dlz permission access to /var/lib/samba/private/

Chan Min Wai dcmwai at gmail.com
Tue Dec 24 12:43:49 MST 2013


Dear all,

Would like to ask for input on the following.
When using with bind 9.9 with dlz module.
It seem that we would have a permission issue where names would need to
have access to

/var/lib/samba/private/ for a few files.
to be more precise it would be

/var/lib/samba/private/dns (whole folder)
/var/lib/samba/private/named.conf
/var/lib/samba/private/named.conf.update
/var/lib/samba/private/dns.keytab

However as I can see private was 400...
drwx------+  7 root root    4096 Dec 25 03:34 private

Question:
1. Should I use ACL to allow named to have rx access to these folder and
files?
2. Should I just change the group on private to add named in and on other
files or folder involved.

Which one is a better practice and why?

i just feel that having named mixed up with samba private folder is a bad
practice...
At lease in security point of view.
I would said that samba should have move these files to /var/bind/

But I'm not a developer that able to understand that..

Please advise.

Thank You.


More information about the samba mailing list