pkgsrc-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: upgrading to latest samba
On 06/19, Mike Pumford wrote:
> On 18/06/2018 16:46, Steve Blinkhorn wrote:
> >I upgraded to Version 4.6.8 of the samba suite from the Q1 binary
> >collection for amd64 (7.0), and have finally got back to the condition
> >I was in vis a vis my Windows 10 box before it got stroppy and refused
> >to connect either way. I found the following:
> >
> >The libraries were installed into /usr/pkg/lib/samba/private, where
> >they were inaccessible to the binaries. I made hard links for them
> >in /usr/pkg/lib.
>
> I think the perms generated by the package are wrong. If you do:
>
> chmod 711 /usr/pkg/lib/samba/private
>
> Then the binaries will work without any symlinks and also without
> exposing the folder contents to prying eyes. Not sure why this
> folder is so locked down on NetBSD. The FreeBSD and linux samba
> packages don't do this and FreeBSD actually makes the folder world
> and group readable as well.
Maybe because of the "The smbpasswd File" section at:
https://www.samba.org/samba/docs/using_samba/ch09.html
which says:
Only the root user should have read/write access to the private
directory, and no other users should have access to it at all. In
addition, the smbpasswd file should have all access denied to all
users except for root. When things are set up for good security, long
listings of the private directory and smbpasswd file look like the
following:
# ls -ld /usr/local/samba/private
drwx------ 2 root root 4096 Nov 26 01:11 /usr/local/samba/private
# ls -l /usr/local/samba/private/smbpasswd
-rw------- 1 root root 204 Nov 26 01:11 /usr/local/samba/private/smbpasswd
I know practically nothing about Samba, and that document also has a
watermark that says, "this is old documentation and might be incorrect."
Looking at (trunk, not 2018Q1):
https://github.com/NetBSD/pkgsrc/blob/trunk/net/samba4/Makefile
I see that SMB_PRIVATE is set to ${PREFIX}/lib/samba/private and is
specified with the "--with-privatedir=${SMB_PRIVATE}" configure option,
and the permissions are explicitly set to 0700 via the OWN_DIRS_PERMS
variable.
Lewis
Home |
Main Index |
Thread Index |
Old Index