diff options
| author | jlam <jlam> | 2002-02-05 05:14:46 +0000 |
|---|---|---|
| committer | jlam <jlam> | 2002-02-05 05:14:46 +0000 |
| commit | 046804b1bab4503fb8ce3ffc8b12b1b9322059e0 (patch) | |
| tree | cd8fd5d42714b56a069d75ef124f0a9f6f86807f /net | |
| parent | 66e542fd64e9ba63c8bca8098e0b39e1366cec9e (diff) | |
| download | pkgsrc-046804b1bab4503fb8ce3ffc8b12b1b9322059e0.tar.gz | |
Modify the package so that the message is only displayed if SAMBA_USE_LDAP
is not defined, as that is the only time when the smbpasswd file is
consulted. Also don't create a the smbpasswd file from /etc/passwd, as
that generates a lot of bad users, e.g. root, daemon, operator, etc.
Instead, just create an empty smbpasswd file and rely on the admin to add
approved users to the smbpasswd file using "smbpasswd -a".
Diffstat (limited to 'net')
| -rw-r--r-- | net/samba/INSTALL | 14 | ||||
| -rw-r--r-- | net/samba/MESSAGE | 15 | ||||
| -rw-r--r-- | net/samba/MESSAGE.smbpasswd | 17 | ||||
| -rw-r--r-- | net/samba/Makefile | 17 |
4 files changed, 30 insertions, 33 deletions
diff --git a/net/samba/INSTALL b/net/samba/INSTALL index d7fc2cf143c..17841c40c42 100644 --- a/net/samba/INSTALL +++ b/net/samba/INSTALL @@ -1,24 +1,12 @@ #!/bin/sh # -# $NetBSD: INSTALL,v 1.3 2002/02/05 00:36:25 taca Exp $ +# $NetBSD: INSTALL,v 1.4 2002/02/05 05:14:46 jlam Exp $ SAMBA_LOCKDIR="@SAMBA_LOCKDIR@" SAMBA_PRIVATE="@SAMBA_PRIVATE@" case ${STAGE} in POST-INSTALL) - # Create SMB password file - if [ ! -e ${SAMBA_PRIVATE}/smbpasswd ] - then - ${ECHO} -n "Creating ${SAMBA_PRIVATE}/smbpasswd..." - ${CHOWN} -R 0:0 ${SAMBA_PRIVATE} - ${CAT} /etc/passwd | ${PKG_PREFIX}/sbin/mksmbpasswd \ - > ${SAMBA_PRIVATE}/smbpasswd - ${CHMOD} 600 ${SAMBA_PRIVATE}/smbpasswd - ${CHMOD} 500 ${SAMBA_PRIVATE} - echo "done." - fi - # Check for files in old "lock" directory. if [ -e /var/run/samba ] then diff --git a/net/samba/MESSAGE b/net/samba/MESSAGE deleted file mode 100644 index 6e77aa98fe5..00000000000 --- a/net/samba/MESSAGE +++ /dev/null @@ -1,15 +0,0 @@ -=========================================================================== -$NetBSD: MESSAGE,v 1.2 2001/11/21 17:13:38 jlam Exp $ - - *===* Security Notes *===* - -The users' encrypted passwords stored in ${ETCDIR}/private/smbpasswd -(default: /etc/samba/private/smbpasswd) *ARE PASSWORD EQUIVALENT* -from the viewpoint of SMB protocol. Do not weaken the permission -mode of this file (default: root.wheel and rw-------) without any -special reasons. And please note that even if you pkg_delete this -port, pkg_delete will *NOT* remove the smbpasswd file because -pkg_delete can be used for upgrading this package. If you won't use -this package anymore, I strongly recommend that you remove the -smbpasswd file manually. -=========================================================================== diff --git a/net/samba/MESSAGE.smbpasswd b/net/samba/MESSAGE.smbpasswd new file mode 100644 index 00000000000..7bc088440c1 --- /dev/null +++ b/net/samba/MESSAGE.smbpasswd @@ -0,0 +1,17 @@ +=========================================================================== +$NetBSD: MESSAGE.smbpasswd,v 1.1 2002/02/05 05:14:46 jlam Exp $ + + *===* SECURITY NOTES *===* + +The users' encrypted passwords stored in + + ${SAMBA_ETCDIR}/private/smbpasswd + +are _PASSWORD_EQUIVALENT_ from the viewpoint of SMB protocol. Do not +weaken the permissions of this file (owned by ${ROOT_USER}:${ROOT_GROUP} and with file +mode rw-------) without any special reasons. + +Please note that even if you pkg_delete ${PKGNAME}, pkg_delete will +not remove the smbpasswd file. If you won't use this package anymore, it +is strongly recommended that you remove the smbpasswd file manually. +=========================================================================== diff --git a/net/samba/Makefile b/net/samba/Makefile index 00451e9cc57..3cdaf7db118 100644 --- a/net/samba/Makefile +++ b/net/samba/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.79 2002/02/05 03:04:20 jlam Exp $ +# $NetBSD: Makefile,v 1.80 2002/02/05 05:14:46 jlam Exp $ DISTNAME= samba-2.2.3 PKGREVISION= 1 @@ -75,6 +75,9 @@ CONFIGURE_ARGS+= --with-ldapsam PLIST_SUBST+= SAMBA_LDAP="" .else PLIST_SUBST+= SAMBA_LDAP="@comment " +MESSAGE_SRC= ${.CURDIR}/MESSAGE.smbpasswd +SMBPASSWD_FILE= /dev/null ${SAMBA_PRIVATE}/smbpasswd \ + ${ROOT_USER} ${ROOT_GROUP} 0700 .endif # The following are Linux-only options. @@ -89,11 +92,15 @@ FILES_SUBST= SAMBA_PRIVATE=${SAMBA_PRIVATE} FILES_SUBST+= SAMBA_LOCKDIR=${SAMBA_LOCKDIR} FILES_SUBST+= SAMBA_LOGDIR=${SAMBA_LOGDIR} FILES_SUBST+= SAMBA_ETCDIR=${SAMBA_ETCDIR} -MESSAGE_SUBST+= ETCDIR=${SAMBA_ETCDIR} +MESSAGE_SUBST+= SAMBA_ETCDIR=${SAMBA_ETCDIR} +MESSAGE_SUBST+= ROOT_GROUP=${ROOT_GROUP} +MESSAGE_SUBST+= ROOT_USER=${ROOT_USER} CONF_FILES= ${EXAMPLESDIR}/smb.conf.sample ${SAMBA_ETCDIR}/smb.conf +SUPPORT_FILES_PERMS= ${SMBPASSWD_FILE} RCD_SCRIPTS= samba nmbd smbd -OWN_DIRS= ${SAMBA_ETCDIR} ${SAMBA_PRIVATE} ${SAMBA_LOCKDIR} +OWN_DIRS= ${SAMBA_ETCDIR} ${SAMBA_LOCKDIR} +OWN_DIRS_PERMS= ${SAMBA_PRIVATE} ${ROOT_USER} ${ROOT_GROUP} 0500 INSTALL_EXTRA_TMPL= ${PKGDIR}/INSTALL @@ -103,7 +110,7 @@ post-extract: ${RM} -r ${WRKDIR}/${DISTNAME}/docs/textdocs/outdated pre-install: - for script in ${RCD_SCRIPTS}; do \ + @for script in ${RCD_SCRIPTS}; do \ ${SED} ${FILES_SUBST_SED} ${FILESDIR}/$${script}.sh \ > ${WRKDIR}/$${script}; \ done @@ -130,7 +137,7 @@ post-install: ${INSTALL_SCRIPT} ${WRKSRC}/script/mksmbpasswd.sh \ ${PREFIX}/sbin/mksmbpasswd - ${SED} ${FILES_SUBST_SED} \ + @${SED} ${FILES_SUBST_SED} \ ${FILESDIR}/smb.conf.sample > ${WRKDIR}/smb.conf.sample ${INSTALL_DATA} ${WRKDIR}/smb.conf.sample ${EXAMPLESDIR} |