Diffstat (limited to 'source3/groupdb/mapping_ldb.c')
-rw-r--r--source3/groupdb/mapping_ldb.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/source3/groupdb/mapping_ldb.c b/source3/groupdb/mapping_ldb.c
index 6775f612e7..7ce879fb6e 100644
--- a/source3/groupdb/mapping_ldb.c
+++ b/source3/groupdb/mapping_ldb.c
@@ -60,6 +60,9 @@ static bool init_group_mapping(void)
ldb = ldb_init(NULL);
if (ldb == NULL) goto failed;
+ /* Ensure this db is created read/write for root only. */
+ ldb_set_create_perms(ldb, 0600);
+
existed = file_exist(db_path, NULL);
if (lp_parm_bool(-1, "groupmap", "nosync", False)) {
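Review bot: The comment above `ldb_set_create_perms(ldb, 0600);` says "root only", but mode 0600 restricts access to the file's owner, which is root only if the process that creates the database runs as root. That is probably the case for this daemon, though nothing in the hunk shows it. A wording such as `/* Create the db with mode 0600 (owner read/write only); the owner is expected to be root. */` states the assumption. The literal 0600 also appears again in the chmod added by the next hunk, so one named constant shared by both would keep them in step.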
@@ -74,7 +77,13 @@ static bool init_group_mapping(void)
if (ret != LDB_SUCCESS) {
goto failed;
}
-
+
+ /* force the permissions on the ldb to 0600 - this will fix
+ existing databases as well as new ones */
+ if (chmod(db_path, 0600) != 0) {
+ goto failed;
+ }
+
if (!existed) {
/* initialise the ldb with an index */
struct ldb_ldif *ldif;
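Review bot: The added `chmod(db_path, 0600)` acts on the pathname rather than on the file the preceding connect opened, so it follows a symlink at db_path, and a pre-existing database keeps its old mode until this line runs. If the directory holding db_path is writable only by root the exposure is small, but that assumption deserves a comment next to the call. The failure branch also jumps to `failed` without recording errno. That label is outside the hunk, so whether it reports the chmod error cannot be confirmed from here. A line such as `DEBUG(0, ("chmod of %s to 0600 failed: %s\n", db_path, strerror(errno)));` before the `goto` would make a failed start diagnosable.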