Bug 1265710 - [RFE] tdb files in /var/lib/samba are world-readable [-rw-r--r--.]
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Assigned To: IPA Maintainers
Namita Soman
: FutureFeature
Reported: 2015-09-23 10:02 EDT by Sudhir Menon
Modified: 2015-09-24 04:06 EDT
Doc Type: Enhancement
Last Closed: 2015-09-24 04:06:38 EDT
Type: Bug
Description Sudhir Menon 2015-09-23 10:02:42 EDT
Description of problem: tdb files in /var/lib/samba are world-readable [-rw-r--r--.]

Version-Release number of selected component (if applicable):

How reproducible: Always.

Steps to Reproduce:
1. Install IPA server on RHEL7.2
2. Navigate to /var/lib/samba directory

Actual results: Some of the .tdb files are world-readable, which shouldn't be if it isn't really required.

-rw-r--r--. 1 root root    40200 Sep 23 19:22 brlock.tdb
-rw-r--r--. 1 root root    20480 Sep 23 19:28 gencache_notrans.tdb
-rw-r--r--. 1 root root   430080 Sep 23 19:26 gencache.tdb
-rw-r--r--. 1 root root      696 Sep 23 19:22 leases.tdb
-rw-r--r--. 1 root root    40200 Sep 23 19:22 locking.tdb
-rw-r--r--. 1 root root      696 Sep 23 19:22 notify_index.tdb
-rw-r--r--. 1 root root      696 Sep 23 19:22 notify.tdb
-rw-r--r--. 1 root root     8192 Sep 23 19:28 serverid.tdb

Expected results: .tdb file permissions should be consistent with other files in the directory, i.e. 640, and should be 644 only if required.

Additional info:
Comment 2 Martin Kosek 2015-09-24 03:14:08 EDT
Alexander, please help us assess this one.
Comment 3 Alexander Bokovoy 2015-09-24 04:06:38 EDT
These files have to be world readable or smbd processes running under specific users wouldn't be able to coordinate locking, for example. This bug is nonsense.
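
An added example, not part of the bug report and not code from Samba or IPA: a shell audit that treats the eight databases in the listing above as expected world-readable (the reason is the one given in Comment 3) and flags any other world-readable .tdb file, plus any world-writable one. The allowlist variable, the function name and the output labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit permissions of .tdb files under a Samba state directory.
# EXPECTED_SHARED is an assumption: it holds exactly the eight files shown in
# the report's listing, which Comment 3 says must stay world-readable.
EXPECTED_SHARED="brlock.tdb gencache_notrans.tdb gencache.tdb leases.tdb \
locking.tdb notify_index.tdb notify.tdb serverid.tdb"

# audit_tdb_perms DIR
# Prints one line per .tdb file found under DIR (subdirectories included):
#   FAIL world-writable NAME    other-write bit set, never expected
#   OK private NAME             no other-read bit
#   OK shared NAME              world-readable and on the allowlist
#   REVIEW world-readable NAME  world-readable but not on the allowlist
audit_tdb_perms() {
    dir=$1
    find "$dir" -type f -name '*.tdb' | sort | while IFS= read -r path; do
        name=${path##*/}
        # find -perm -NNN matches when all of the given bits are set (POSIX).
        if [ -n "$(find "$path" -perm -002)" ]; then
            echo "FAIL world-writable $name"
        elif [ -z "$(find "$path" -perm -004)" ]; then
            echo "OK private $name"
        else
            case " $(echo $EXPECTED_SHARED) " in
                *" $name "*) echo "OK shared $name" ;;
                *)           echo "REVIEW world-readable $name" ;;
            esac
        fi
    done
}

# Stand-alone use: pass the directory to audit, e.g. /var/lib/samba.
if [ "$#" -gt 0 ]; then
    audit_tdb_perms "$1"
fi
```

A REVIEW line is a prompt to check whether that database is one smbd processes running under different users need to read; it is not a finding by itself.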
