[Samba] Samba 4 AD with Bind 9.9 dlz permission access to /var/lib/samba/private/
Chan Min Wai
dcmwai at gmail.com
Tue Dec 24 12:43:49 MST 2013
Dear all,
Would like to ask for input on the following.
When using with bind 9.9 with dlz module.
It seem that we would have a permission issue where names would need to
have access to
/var/lib/samba/private/ for a few files.
to be more precise it would be
/var/lib/samba/private/dns (whole folder)
/var/lib/samba/private/named.conf
/var/lib/samba/private/named.conf.update
/var/lib/samba/private/dns.keytab
However as I can see private was 400...
drwx------+ 7 root root 4096 Dec 25 03:34 private
Question:
1. Should I use ACL to allow named to have rx access to these folder and
files?
2. Should I just change the group on private to add named in and on other
files or folder involved.
Which one is a better practice and why?
i just feel that having named mixed up with samba private folder is a bad
practice...
At lease in security point of view.
I would said that samba should have move these files to /var/bind/
But I'm not a developer that able to understand that..
Please advise.
Thank You.
More information about the samba
mailing list