URGENT: REDHAT 6.1 STORES SAMBA PRIVATE FILES IN /etc
vorlon at netexpress.net
vorlon at netexpress.net
Mon Dec 20 22:09:05 GMT 1999
On Tue, 21 Dec 1999, Luke Kenneth Casson Leighton wrote:
> > I agree it would be safer to have a /etc/samba-private
> > directory set root only, but they do not ship the system
> > as insecure by default (ie. they *can* put root read
> > only files in /etc, and it *is* safe to do so).
> jeremy, the pam writers created an /etc/security directory for these sorts
> of things. the /etc/security directory is there to make it really, really
> obvious that these files are not to be messed with.
% ls -l /etc/security
-rw-r--r-- 1 root root 1971 Jun 7 1999 access.conf
drwxr-xr-x 2 root root 1024 Jun 7 1999 console.apps/
-rw-r--r-- 1 root root 1342 Jun 7 1999 console.perms
-rw-r--r-- 1 root root 2145 Jun 7 1999 group.conf
-rw-r--r-- 1 root root 1296 Jun 7 1999 limits.conf
-rw-r--r-- 1 root root 2736 Jun 7 1999 pam_env.conf
-rw-r--r-- 1 root root 2154 Jun 7 1999 time.conf
% ls -ld /etc/security
drwxr-xr-x 3 root root 1024 Jun 7 1999 /etc/security/
These files are not normally locked down. The reason for creating an
/etc/security directory is simply to put all of these configuration files
in a single, easy-to-find place. It is *not* expected to provide
additional security for the files contained within; it is only there to
provide some semblance of heirarchical organization in the often-cluttered
/etc directory.
-Steve Langasek
postmodern programmer
More information about the samba-technical
mailing list