On 06/19, Mike Pumford wrote:
On 18/06/2018 16:46, Steve Blinkhorn wrote:
I upgraded to Version 4.6.8 of the samba suite from the Q1 binary
collection for amd64 (7.0), and have finally got back to the condition
I was in vis a vis my Windows 10 box before it got stroppy and refused
to connect either way. I found the following:
The libraries were installed into /usr/pkg/lib/samba/private, where
they were inaccessible to the binaries. I made hard links for them
in /usr/pkg/lib.
I think the perms generated by the package are wrong. If you do:
chmod 711 /usr/pkg/lib/samba/private
Then the binaries will work without any symlinks and also without
exposing the folder contents to prying eyes. Not sure why this
folder is so locked down on NetBSD. The FreeBSD and linux samba
packages don't do this and FreeBSD actually makes the folder world
and group readable as well.
Maybe because of the "The smbpasswd File" section at:
https://www.samba.org/samba/docs/using_samba/ch09.html
which says:
Only the root user should have read/write access to the private
directory, and no other users should have access to it at all. In
addition, the smbpasswd file should have all access denied to all
users except for root. When things are set up for good security, long
listings of the private directory and smbpasswd file look like the
following:
# ls -ld /usr/local/samba/private
drwx------ 2 root root 4096 Nov 26 01:11
/usr/local/samba/private
# ls -l /usr/local/samba/private/smbpasswd
-rw------- 1 root root 204 Nov 26 01:11
/usr/local/samba/private/smbpasswd
I know practically nothing about Samba, and that document also has a
watermark that says, "this is old documentation and might be incorrect."