Gerald (Jerry) Carter wrote:
> Sure. Add a permission mode define to local.h and let
> it be changed there at compile time. I don't think there is enough pent
> up demand to make this a run-time parameter. That's all I'm saying.

Maybe all other people that had this problem just bit the bullet and ran their apps as root, or used workarounds like a cronjob that would make a daily copy of the smbpasswd file? ;)

As far as I know there are no other applications that enforce hard-coded permissions on their files; for example OpenSSH and sendmail just print error messages like "permissions too open" or "cannot open <file>: world writable directory" and let root decide. I think that is a better way to handle permissions - although these programs in fact know that the permissions are broken, they won't touch them. Samba changes the permissions even when they're not broken.

With the current configuration, there's unfortunately just no simple way to use the smbpasswd file as a back-end for other applications; in the case of FreeRADIUS I have to use smbpasswd because the MSCHAPv2 protocol that is used for authentication is incompatible with the /etc/passwd hashes.

Having to recompile Samba would also be an unfortunate solution because we would have to deploy Samba as a custom package to >300 servers - forcing us to maintain the package for every security update that is yet to come.

Martin v. Wittich
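
The check-and-report behaviour described in the message above, as an added example (not code from Samba, OpenSSH, sendmail or this thread): it inspects a secrets file such as smbpasswd and returns findings without ever changing its mode. The function name `audit_path` and the parameters `allowed_gids` and `trusted_uids` are assumptions made for the illustration, and a POSIX system is assumed.

```python
import os
import stat

def audit_path(path, allowed_gids=(), trusted_uids=(0,)):
    """Return a list of findings for `path`. Never calls chmod or chown:
    the administrator decides what to do with the result."""
    st = os.lstat(path)  # lstat: a symlink in place of the file is itself a finding
    if not stat.S_ISREG(st.st_mode):
        return [f"{path}: not a regular file"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid not in trusted_uids:
        findings.append(f"{path}: owned by untrusted uid {st.st_uid}")
    if mode & stat.S_IRWXO:
        findings.append(f"{path}: permissions too open ({mode:04o}), world access")
    if mode & stat.S_IWGRP:
        findings.append(f"{path}: writable by group {st.st_gid} ({mode:04o})")
    # Group read is acceptable only for groups the administrator listed,
    # e.g. the group a RADIUS daemon runs under (hypothetical policy).
    if mode & stat.S_IRWXG and st.st_gid not in allowed_gids:
        findings.append(
            f"{path}: group {st.st_gid} has access ({mode:04o}) "
            "but is not in the allow list")
    # A world-writable parent without the sticky bit lets anyone replace the file.
    parent = os.path.dirname(os.path.abspath(path))
    pmode = os.stat(parent).st_mode
    if pmode & stat.S_IWOTH and not pmode & stat.S_ISVTX:
        findings.append(f"{parent}: world writable directory")
    return findings

if __name__ == "__main__":
    import tempfile
    # Constructed sample: a throwaway file standing in for smbpasswd.
    d = tempfile.mkdtemp()
    sample = os.path.join(d, "smbpasswd")
    with open(sample, "w") as fh:
        fh.write("constructed sample, not a real password database\n")
    os.chmod(sample, 0o644)
    for line in audit_path(sample, trusted_uids=(os.getuid(),)):
        print("WARNING:", line)
    # The file's mode is still 0644 here; nothing was "fixed" behind root's back.
```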