[Samba] Samba 4 AD with Bind 9.9 dlz permission access to /var/lib/samba/private/

Chan Min Wai dcmwai at gmail.com
Thu Dec 26 08:43:52 MST 2013


Dear Steve,

I think that is a bad idea, as /var/lib/samba/private was supposed to hold
something private for Samba.

Like secret information, security-related LDAP/AD information.

Putting DNS information there doesn't seem to be a good idea.
(unless the DNS information is part of LDAP or AD)

And I do believe that it should be placed in /var/lib/samba/bind or some
other place which is private for both of them.


On Wed, Dec 25, 2013 at 9:17 PM, steve <steve at steve-ss.com> wrote:

> On Wed, 2013-12-25 at 03:43 +0800, Chan Min Wai wrote:
> > Dear all,
> >
> > Would like to ask for input on the following.
> > When using BIND 9.9 with the DLZ module,
> > it seems that we would have a permission issue where named would need to
> > have access to
> >
> > /var/lib/samba/private/ for a few files.
> > To be more precise, it would be
> >
> > /var/lib/samba/private/dns (whole folder)
> > /var/lib/samba/private/named.conf
> > /var/lib/samba/private/named.conf.update
> > /var/lib/samba/private/dns.keytab
> >
> > However, as I can see, private was 400...
> > drwx------+  7 root root    4096 Dec 25 03:34 private
>
> That seems very restrictive. We have a default source build
> at /usr/local/samba with:
> drwxr-xr-x  7 root root 4096 Dec 13 13:31 private
>
> That lets everyone in, then named has further access as you state.
> HTH
> Steve
>
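
An added example, not part of the original thread and not Samba or BIND code: a Python check of which entries under a private directory are readable by "other", judged from mode bits only, run against the 0755 and 0700 directory modes quoted above. The sample tree, every file mode, and the file names other than the four paths listed in the post are constructed for illustration.

```python
import os
import stat
import tempfile

# Paths the original post says named needs, relative to the private directory.
NAMED_NEEDS = ("dns", "named.conf", "named.conf.update", "dns.keytab")

def other_readable(private_dir):
    """Paths under private_dir readable by a user who is neither owner nor in
    the group, from mode bits only; POSIX ACLs (the '+' in ls) are ignored."""
    exposed = []
    if not os.stat(private_dir).st_mode & stat.S_IXOTH:
        return exposed  # drwx------: "other" cannot even enter
    for root, dirs, files in os.walk(private_dir):
        reachable = []
        for name in dirs + files:
            path = os.path.join(root, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # symlinks are out of scope here
            if mode & stat.S_IROTH:
                exposed.append(os.path.relpath(path, private_dir))
            if stat.S_ISDIR(mode) and mode & stat.S_IXOTH:
                reachable.append(name)
        dirs[:] = reachable  # do not descend where "other" cannot traverse
    return sorted(exposed)

def beyond_named(exposed):
    """Exposed paths that are not among, or below, the ones named needs."""
    return [p for p in exposed
            if not any(p == n or p.startswith(n + os.sep) for n in NAMED_NEEDS)]

def build_demo(base, private_mode):
    """Constructed tree: all modes, and names not in NAMED_NEEDS, are made up."""
    priv = os.path.join(base, "private")
    os.makedirs(os.path.join(priv, "dns"))
    layout = {"named.conf": 0o644, "named.conf.update": 0o644,
              "dns.keytab": 0o640, os.path.join("dns", "zone.ldb"): 0o660,
              "example-secret.ldb": 0o600, "example-cert.pem": 0o644}
    for rel, mode in layout.items():
        path = os.path.join(priv, rel)
        open(path, "w").close()
        os.chmod(path, mode)
    os.chmod(os.path.join(priv, "dns"), 0o770)
    os.chmod(priv, private_mode)
    return priv

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        print(beyond_named(other_readable(build_demo(base, 0o755))))
```

With the directory at 0755, whatever a file's own mode grants to "other" is what every local user gets; at 0700 the directory mode alone keeps them out, and any access for named then has to come from an ACL or ownership, which this check does not evaluate.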

