[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ifupdown writes to /etc... a bug?

On Sat, 29 Mar 2003 19:09, Steve Langasek wrote:
> > Samba has it's smbpasswd file that is written by network password
> > changes, and a few other writable files.
> No, smbpasswd is the last file left that Samba writes to in /etc.  If


> there's a consensus that it should be moved, now's a good time to do it:
> Samba 3.0 will include a new binary database format which, if all goes
> well, will replace smbpasswd as the default SAM backend, and this
> passdb.tdb file seems most suitable for moving to /var/lib.

Sounds like a good plan.  Could you file the bug reports requesting that as 
you appear to know the details?

> > I don't know why the others need such access.  I just looked at the SE
> > Linux policy tree to see which programs were permitted to write to files
> > under /etc, apparently the programs would not work properly without the
> > access being granted.
> I think your policy is accounting for outdated versions of several
> packages.  The current location for ntp.drift is /var/lib/ntp/ntp.drift,
> where it belongs.

The policy does account for old versions of programs.  I can't force SE Linux 
users to run the latest versions of everything.

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to: