From d7680a968008cda6ed41acfb8d3bbdf4bdff6afb Mon Sep 17 00:00:00 2001 From: jlam Date: Tue, 5 Feb 2002 05:14:46 +0000 Subject: Modify the package so that the message is only displayed if SAMBA_USE_LDAP is not defined, as that is the only time when the smbpasswd file is consulted. Also don't create a the smbpasswd file from /etc/passwd, as that generates a lot of bad users, e.g. root, daemon, operator, etc. Instead, just create an empty smbpasswd file and rely on the admin to add approved users to the smbpasswd file using "smbpasswd -a". --- net/samba/INSTALL | 14 +------------- net/samba/MESSAGE | 15 --------------- net/samba/MESSAGE.smbpasswd | 17 +++++++++++++++++ net/samba/Makefile | 17 ++++++++++++----- 4 files changed, 30 insertions(+), 33 deletions(-) delete mode 100644 net/samba/MESSAGE create mode 100644 net/samba/MESSAGE.smbpasswd (limited to 'net/samba') diff --git a/net/samba/INSTALL b/net/samba/INSTALL index d7fc2cf143c..17841c40c42 100644 --- a/net/samba/INSTALL +++ b/net/samba/INSTALL @@ -1,24 +1,12 @@ #!/bin/sh # -# $NetBSD: INSTALL,v 1.3 2002/02/05 00:36:25 taca Exp $ +# $NetBSD: INSTALL,v 1.4 2002/02/05 05:14:46 jlam Exp $ SAMBA_LOCKDIR="@SAMBA_LOCKDIR@" SAMBA_PRIVATE="@SAMBA_PRIVATE@" case ${STAGE} in POST-INSTALL) - # Create SMB password file - if [ ! -e ${SAMBA_PRIVATE}/smbpasswd ] - then - ${ECHO} -n "Creating ${SAMBA_PRIVATE}/smbpasswd..." - ${CHOWN} -R 0:0 ${SAMBA_PRIVATE} - ${CAT} /etc/passwd | ${PKG_PREFIX}/sbin/mksmbpasswd \ - > ${SAMBA_PRIVATE}/smbpasswd - ${CHMOD} 600 ${SAMBA_PRIVATE}/smbpasswd - ${CHMOD} 500 ${SAMBA_PRIVATE} - echo "done." - fi - # Check for files in old "lock" directory. if [ -e /var/run/samba ] then diff --git a/net/samba/MESSAGE b/net/samba/MESSAGE deleted file mode 100644 index 6e77aa98fe5..00000000000 --- a/net/samba/MESSAGE +++ /dev/null 
@@ -1,15 +0,0 @@
-===========================================================================
-$NetBSD: MESSAGE,v 1.2 2001/11/21 17:13:38 jlam Exp $
-
- *===* Security Notes *===*
-
-The users' encrypted passwords stored in ${ETCDIR}/private/smbpasswd
-(default: /etc/samba/private/smbpasswd) *ARE PASSWORD EQUIVALENT*
-from the viewpoint of SMB protocol. Do not weaken the permission
-mode of this file (default: root.wheel and rw-------) without any
-special reasons. And please note that even if you pkg_delete this
-port, pkg_delete will *NOT* remove the smbpasswd file because
-pkg_delete can be used for upgrading this package. If you won't use
-this package anymore, I strongly recommend that you remove the
-smbpasswd file manually.
-===========================================================================
diff --git a/net/samba/MESSAGE.smbpasswd b/net/samba/MESSAGE.smbpasswd
new file mode 100644
index 00000000000..7bc088440c1
--- /dev/null
+++ b/net/samba/MESSAGE.smbpasswd
@@ -0,0 +1,17 @@
+===========================================================================
+$NetBSD: MESSAGE.smbpasswd,v 1.1 2002/02/05 05:14:46 jlam Exp $
+
+ *===* SECURITY NOTES *===*
+
+The users' encrypted passwords stored in
+
+ ${SAMBA_ETCDIR}/private/smbpasswd
+
+are _PASSWORD_EQUIVALENT_ from the viewpoint of SMB protocol. Do not
+weaken the permissions of this file (owned by ${ROOT_USER}:${ROOT_GROUP} and with file
+mode rw-------) without any special reasons.
+
+Please note that even if you pkg_delete ${PKGNAME}, pkg_delete will
+not remove the smbpasswd file. If you won't use this package anymore, it
+is strongly recommended that you remove the smbpasswd file manually.
+===========================================================================
diff --git a/net/samba/Makefile b/net/samba/Makefile
index 00451e9cc57..3cdaf7db118 100644
--- a/net/samba/Makefile
+++ b/net/samba/Makefile
@@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.79 2002/02/05 03:04:20 jlam Exp $ +# $NetBSD: Makefile,v 1.80 2002/02/05 05:14:46 jlam Exp $ DISTNAME= samba-2.2.3 PKGREVISION= 1 @@ -75,6 +75,9 @@ CONFIGURE_ARGS+= --with-ldapsam PLIST_SUBST+= SAMBA_LDAP="" .else PLIST_SUBST+= SAMBA_LDAP="@comment " +MESSAGE_SRC= ${.CURDIR}/MESSAGE.smbpasswd +SMBPASSWD_FILE= /dev/null ${SAMBA_PRIVATE}/smbpasswd \ + ${ROOT_USER} ${ROOT_GROUP} 0700 .endif # The following are Linux-only options. @@ -89,11 +92,15 @@ FILES_SUBST= SAMBA_PRIVATE=${SAMBA_PRIVATE} FILES_SUBST+= SAMBA_LOCKDIR=${SAMBA_LOCKDIR} FILES_SUBST+= SAMBA_LOGDIR=${SAMBA_LOGDIR} FILES_SUBST+= SAMBA_ETCDIR=${SAMBA_ETCDIR} -MESSAGE_SUBST+= ETCDIR=${SAMBA_ETCDIR} +MESSAGE_SUBST+= SAMBA_ETCDIR=${SAMBA_ETCDIR} +MESSAGE_SUBST+= ROOT_GROUP=${ROOT_GROUP} +MESSAGE_SUBST+= ROOT_USER=${ROOT_USER} CONF_FILES= ${EXAMPLESDIR}/smb.conf.sample ${SAMBA_ETCDIR}/smb.conf +SUPPORT_FILES_PERMS= ${SMBPASSWD_FILE} RCD_SCRIPTS= samba nmbd smbd -OWN_DIRS= ${SAMBA_ETCDIR} ${SAMBA_PRIVATE} ${SAMBA_LOCKDIR} +OWN_DIRS= ${SAMBA_ETCDIR} ${SAMBA_LOCKDIR} +OWN_DIRS_PERMS= ${SAMBA_PRIVATE} ${ROOT_USER} ${ROOT_GROUP} 0500 INSTALL_EXTRA_TMPL= ${PKGDIR}/INSTALL @@ -103,7 +110,7 @@ post-extract: ${RM} -r ${WRKDIR}/${DISTNAME}/docs/textdocs/outdated pre-install: - for script in ${RCD_SCRIPTS}; do \ + @for script in ${RCD_SCRIPTS}; do \ ${SED} ${FILES_SUBST_SED} ${FILESDIR}/$${script}.sh \ > ${WRKDIR}/$${script}; \ done @@ -130,7 +137,7 @@ post-install: ${INSTALL_SCRIPT} ${WRKSRC}/script/mksmbpasswd.sh \ ${PREFIX}/sbin/mksmbpasswd - ${SED} ${FILES_SUBST_SED} \ + @${SED} ${FILES_SUBST_SED} \ ${FILESDIR}/smb.conf.sample > ${WRKDIR}/smb.conf.sample ${INSTALL_DATA} ${WRKDIR}/smb.conf.sample ${EXAMPLESDIR} -- cgit v1.2.3
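Review bot: The mode at the end of the new `SMBPASSWD_FILE` definition (hunk `@@ -75,6 +75,9 @@`) is `0700`, which sets the owner execute bit on a data file. It also disagrees with the removed INSTALL step (`${CHMOD} 600 ${SAMBA_PRIVATE}/smbpasswd`) and with the new MESSAGE.smbpasswd text, which describes the file as `rw-------`. The file holds password-equivalent hashes and is never executed, so the continuation line should read `${ROOT_USER} ${ROOT_GROUP} 0600`. The `.if` that opens this conditional is outside the hunk, so the non-LDAP placement is inferred from the `.else` context line.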
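Review bot: The `MESSAGE_SUBST` additions in hunk `@@ -89,11 +92,15 @@` do not pass `SAMBA_PRIVATE`, although the empty file is created at `${SAMBA_PRIVATE}/smbpasswd` and that directory is now locked down through `OWN_DIRS_PERMS`. MESSAGE.smbpasswd instead names `${SAMBA_ETCDIR}/private/smbpasswd`. `SAMBA_PRIVATE` is defined outside the visible hunks; if it can be set independently of `SAMBA_ETCDIR`, the security notice would point the admin at a path other than the one holding the hashes. Adding `MESSAGE_SUBST+= SAMBA_PRIVATE=${SAMBA_PRIVATE}` and using `${SAMBA_PRIVATE}/smbpasswd` in the message would keep the notice and the installed path in step.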