summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xselftest/selftest.pl10
-rw-r--r--selftest/target/Samba3.pm18
2 files changed, 13 insertions, 15 deletions
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index 5077a17901..6f8cbe1fe8 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -399,8 +399,14 @@ $prefix =~ s+/$++;
die("using an empty prefix isn't allowed") unless $prefix ne "";
-#Ensure we have the test prefix around
-mkdir($prefix, 0777) unless -d $prefix;
+# Ensure we have the test prefix around.
+#
+# We need restrictive
+# permissions on this as some subdirectories in this tree will have
+# wider permissions (ie 0777) and this would allow other users on the
+# host to subvert the test process.
+mkdir($prefix, 0700) unless -d $prefix;
+chmod 0700, $prefix;
my $prefix_abs = abs_path($prefix);
my $tmpdir_abs = abs_path("$prefix/tmp");
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 6312d650a0..01158347b3 100644
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -247,24 +247,16 @@ sub setup_admember($$$$)
return undef;
}
+ # We need world access to this share, as otherwise the domain
+ # administrator from the AD domain provided by Samba4 can't
+ # access the share for tests.
+ chmod 0777, "$prefix/share";
+
$self->check_or_start($ret,
"yes", "yes", "yes");
$self->wait_for_start($ret);
- my $smbcacls = Samba::bindir_path($self, "smbcacls");
- #Allow domain users to manipulate the share
- $cmd = "";
- $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
- $cmd .= "KRB5_CONFIG=\"$ret->{KRB5_CONFIG}\" ";
- $cmd .= "$smbcacls $ret->{CONFIGURATION} //127.0.0.29/tmp / -U$ret->{USERNAME}%$ret->{PASSWORD} ";
- $cmd .= "-S ACL:$dcvars->{DOMAIN}\\\\Domain\\ Users:ALLOWED/0x0/FULL";
-
- if (system($cmd) != 0) {
- warn("smbcacls failed, your filesystem may not support ACLs. Try mount $prefix_abs -oremount,acl\nThis support is required for S3 member in S4 tests\n$cmd");
- return undef;
- }
-
$ret->{DC_SERVER} = $dcvars->{SERVER};
$ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP};
$ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};