author | Andrew Bartlett <abartlet@samba.org> | 2012-11-11 21:32:22 +1100 |
---|---|---|
committer | Michael Adam <obnox@samba.org> | 2012-11-12 12:36:27 +0100 |
commit | 18e13224eb75349fc9790f20aab125f485979760 (patch) | |
tree | d39d7650e9044921b26b6585055cf7b2957549d4 /source4/libnet/libnet_join.h | |
parent | 77bd7ea1664514a8988941d454fc621c7f0943d1 (diff) | |
ntp_signd: Only allow group access to the ntp signd directory.

Existing installations running ntp as group 'ntp' will need to change
the permissions on the ntp_signd socket directory (e.g.
PREFIX/lib/ntp_signd or /var/lib/samba/ntp_signd).

The reason is that allowing other users on the host access to this
directory would allow them to potentially spoof time on the network,
or attack the password database with a chosen plaintext attack.

Permissions should be changed to:

ownership root:ntp (if ntp runs as gid ntp)
mode 0750 (this is what it will be created as)

If the permissions are not changed, Samba will refuse to start the
ntp_signd server, and NTP operations will not be signed. As the error
is declared fatal, in the future, Samba may totally refuse to start.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Nov 12 12:36:30 CET 2012 on sn-devel-104
Diffstat (limited to 'source4/libnet/libnet_join.h')
0 files changed, 0 insertions, 0 deletions
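
An added example, not part of the Samba commit: a shell function that audits an ntp_signd socket directory against the ownership and mode the commit message gives (root:ntp, 0750), for use before upgrading an existing installation. The function names are hypothetical, it assumes GNU or BSD `stat`, and it approximates the stated requirement rather than reproducing Samba's own startup check.

```shell
#!/bin/sh
# Added example: audit an ntp_signd socket directory against the
# ownership and mode stated in the commit message (root:ntp, 0750).
# Function names are hypothetical; this is not Samba's own check.

# signd_dir_stat DIR -> prints "MODE OWNER GROUP", e.g. "750 root ntp".
# Tries GNU stat (-c) first, then BSD stat (-f).
signd_dir_stat() {
    stat -c '%a %U %G' "$1" 2>/dev/null || stat -f '%Lp %Su %Sg' "$1"
}

# audit_signd_dir DIR [OWNER] [GROUP]
# Returns 0 if DIR matches, 1 on any finding, 2 if DIR is missing.
# Findings are written to stderr, one per line.
audit_signd_dir() {
    dir=$1; want_owner=${2:-root}; want_group=${3:-ntp}
    if [ ! -d "$dir" ]; then
        echo "$dir: missing or not a directory" >&2
        return 2
    fi
    # Word splitting is intended: stat prints three space-separated
    # fields (assumes owner and group names contain no spaces).
    set -- $(signd_dir_stat "$dir")
    mode=$1; owner=$2; group=$3
    rc=0
    # A non-zero last octal digit means users outside the group get access,
    # which is the exposure the commit message describes.
    case $mode in
        *[1-7]) echo "$dir: mode $mode grants access to other users" >&2
                rc=1 ;;
    esac
    if [ "$mode" != 750 ]; then
        echo "$dir: mode is $mode, expected 750" >&2
        rc=1
    fi
    if [ "$owner" != "$want_owner" ] || [ "$group" != "$want_group" ]; then
        echo "$dir: owner is $owner:$group, expected $want_owner:$want_group" >&2
        rc=1
    fi
    return $rc
}

# Usage, with a path named in the commit message:
#   audit_signd_dir /var/lib/samba/ntp_signd root ntp
```

If ntp runs under a different gid, pass that group as the third argument.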