[Samba] bind-dns folder permissions with bind-dlz configuration 4.10
rpenny at samba.org
Wed Sep 11 09:02:52 UTC 2019
On 11/09/2019 09:37, L.P.H. van Belle via samba wrote:
> Sure it was, ;-), maybe not that one specific site link but it was on wiki
Possibly it was on the wiki , but not on that page ;-)
If you read the history:
(cur | prev
16:46, 10 September 2019
<https://wiki.samba.org/index.php/Special:Contributions/Hortimech>) m .
. (12,113 bytes) (+245) . . (/* added permissions for
> and my google searches do show that.. Im always wondering what people used for there searches.
> When they can find it.
> I also noticed on the link: https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End
> Verify that your /etc/krb5.conf Kerberos client configuration file is readable by your BIND user. For example:
> # ls -l /etc/krb5.conf
> -rw-r--r--. 1 root named 99 2. Sep 2014 /etc/krb5.conf
> Im wondering.. /etc/krb5.conf is setup to 644, why is named added if we have 644?
> Second, if we dont have 644 and we use 640,
> Then use setfacl and not chmod ... add the needed users to the a group and allow it to read it.
Just checked on one of my DCs and I have:
-rw-r--r-- 1 root root 114 Apr 24 2018 /etc/krb5.conf
Everything works okay ;-)
I think that something like 'krb5.conf', which is just a conf file, is
okay to be readable by anyone, but only writeable by root.
> My "in general rule" here is, if its only used by one program, you can use chmod and apply posix rights.
> If a file/folder needs to be read by multiple users, of use groups or add extra acls.
> This is a part we should correct a bit.
I would replace 'only used by' with 'writeable by' in the above statement.
> A few simple tips in howto improve you google skills.
> Lets take this example. > google: "samba wiki bind9 dlz chmod"
> Prio of words, from left to right. Important -> less important.
> Howto improve the above string:
> Google: +samba wiki +bind9 dlz chmod
> + means, this MUST be on the website.
> - means, this MUST NOT be on the website.
> More direct search.
> +samba wiki +bind9 dlz chmod +site:wiki.samba.org -site:www.samba.org
> Means, only search on the site wiki.samba.org for the words, and remove any www.samba.org results.
> And here you go only 2 link with the correct info.
Well, yes, but no search is any good, if the data isn't there when you
do the search ;-)
More information about the samba