[Samba] Samba 4 AD with Bind 9.9 dlz permission access to /var/lib/samba/private/

Rowland Penny rowlandpenny at googlemail.com
Thu Dec 26 09:46:02 MST 2013


On 26/12/13 15:43, Chan Min Wai wrote:
> Dear Steve,
>
> I think that is a bad idea as /var/lib/samba/private was supposed to hold
> something private for samba.

Do you mean like the samba DNS zones and the keytab that is required to 
alter it?

> Like secret information security related LDAP/AD information
>
> Putting dns information doesn't seem to be a good idea.
> (unless the dns information is part of LDAP or AD)

The samba dns zones are part of AD.

>
> And I do believe that it should be placed in /var/lib/samba/bind or some
> other place which is private for both of them.
>

Just where would you put private info like the samba DNS zones etc.?

If you have any problems about where to store stuff, I suggest that you 
take it up with the Samba devs.

Rowland

> On Wed, Dec 25, 2013 at 9:17 PM, steve <steve at steve-ss.com> wrote:
>
>> On Wed, 2013-12-25 at 03:43 +0800, Chan Min Wai wrote:
>>> Dear all,
>>>
>>> Would like to ask for input on the following.
>>> When using bind 9.9 with the dlz module.
>>> It seems that we would have a permission issue where named would need to
>>> have access to
>>>
>>> /var/lib/samba/private/ for a few files.
>>> to be more precise it would be
>>>
>>> /var/lib/samba/private/dns (whole folder)
>>> /var/lib/samba/private/named.conf
>>> /var/lib/samba/private/named.conf.update
>>> /var/lib/samba/private/dns.keytab
>>>
>>> However as I can see private was 400...
>>> drwx------+  7 root root    4096 Dec 25 03:34 private
>> That seems very restrictive. We have a default source build
>> at /usr/local/samba with:
>> drwxr-xr-x  7 root root 4096 Dec 13 13:31 private
>>
>> That lets everyone in, then named has further access as you state.
>> HTH
>> Steve
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
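The thread above boils down to one question: how to let the named user read the handful of DLZ files without opening /var/lib/samba/private to everyone (the trailing "+" in "drwx------+" already means an ACL is attached to the directory). The following script is an added example and is not code from the thread or from the Samba project. It evaluates the plain owner/group/other mode bits for a chosen uid against the four paths named in the original post, reports which ones block access, and prints per-path setfacl grants for only that user instead of a blanket chmod 755. The uid 54321, the temporary stand-in tree for /var/lib/samba/private, and the read-only grants are constructed assumptions; the generated commands are printed, not run, and the example does not consult existing ACL entries, so treat its result as a first check rather than an authoritative access decision.

```python
"""Check whether a given uid can reach the Samba DLZ files under the private
directory and suggest per-path ACL grants instead of widening the whole dir."""
import os
import stat
import tempfile
from pathlib import Path

# Paths inside the Samba private directory that the thread says named needs.
# "dns" is a directory; the rest are files.
DLZ_DIRS = ("dns",)
DLZ_FILES = ("named.conf", "named.conf.update", "dns.keytab")


def mode_bits_allow(st, uid, gids, need_exec):
    """Classic POSIX evaluation of the owner/group/other bits for `uid`.
    POSIX ACL entries (the '+' shown by ls) are deliberately not consulted."""
    if uid == 0:                      # root bypasses mode bits
        return True
    if uid == st.st_uid:
        r, x = stat.S_IRUSR, stat.S_IXUSR
    elif st.st_gid in gids:
        r, x = stat.S_IRGRP, stat.S_IXGRP
    else:
        r, x = stat.S_IROTH, stat.S_IXOTH
    ok = bool(st.st_mode & r)
    if need_exec:                     # directories must also be searchable
        ok = ok and bool(st.st_mode & x)
    return ok


def check_dlz_access(private_dir, uid, gids):
    """Return the relative paths under `private_dir` that `uid` cannot read;
    '.' stands for the private directory itself.  Directories need r+x, files
    need r.  Parents above private_dir (e.g. /var/lib/samba) are assumed to be
    searchable, which is the usual default.  Run as root on a real system so
    the stat() calls themselves are not refused."""
    base = Path(private_dir)
    blocked = []
    if not mode_bits_allow(base.stat(), uid, gids, need_exec=True):
        blocked.append(".")
    for name in DLZ_DIRS:
        if not mode_bits_allow((base / name).stat(), uid, gids, need_exec=True):
            blocked.append(name)
    for name in DLZ_FILES:
        if not mode_bits_allow((base / name).stat(), uid, gids, need_exec=False):
            blocked.append(name)
    return blocked


def acl_commands(private_dir, blocked, user="named"):
    """Build setfacl commands that grant only `user` the minimum on each
    blocked path, so the 0700 mode stays in place for everyone else.
    Read-only grants are an assumption of this example; nothing is executed."""
    base = Path(private_dir)
    cmds = []
    for rel in blocked:
        target = base if rel == "." else base / rel
        if rel == "." or rel in DLZ_DIRS:
            cmds.append(f"setfacl -m u:{user}:rx {target}")
            if rel in DLZ_DIRS:       # default ACL: new files in dns/ inherit the grant
                cmds.append(f"setfacl -d -m u:{user}:r {target}")
        else:
            cmds.append(f"setfacl -m u:{user}:r {target}")
    return cmds


def build_sample_tree(dir_mode=0o700, file_mode=0o600):
    """Create a constructed stand-in for /var/lib/samba/private in a temp dir
    (a fixture for this example, not a real Samba install) and return its path."""
    private = Path(tempfile.mkdtemp()) / "private"
    private.mkdir()
    (private / "dns").mkdir()
    for name in DLZ_FILES:
        (private / name).write_bytes(b"")
        os.chmod(private / name, file_mode)   # explicit chmod sidesteps the umask
    os.chmod(private / "dns", dir_mode)
    os.chmod(private, dir_mode)
    return private


if __name__ == "__main__":
    private = build_sample_tree()             # mirrors the 0700 dir from the post
    # 54321 is an assumed uid standing in for the named account.
    blocked = check_dlz_access(private, uid=54321, gids=(54321,))
    print("blocked for named:", blocked)
    for cmd in acl_commands(private, blocked):
        print(cmd)
```

Against the 0700 tree from the original post every listed path is reported as blocked and one setfacl line per path is printed; against a 755/644 tree nothing is reported, which is the state Steve's build is in.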


