diff options
Diffstat (limited to 'source3/groupdb')
| -rw-r--r-- | source3/groupdb/mapping_ldb.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/source3/groupdb/mapping_ldb.c b/source3/groupdb/mapping_ldb.c index 6775f612e7..7ce879fb6e 100644 --- a/source3/groupdb/mapping_ldb.c +++ b/source3/groupdb/mapping_ldb.c @@ -60,6 +60,9 @@ static bool init_group_mapping(void) ldb = ldb_init(NULL); if (ldb == NULL) goto failed; + /* Ensure this db is created read/write for root only. */ + ldb_set_create_perms(ldb, 0600); + existed = file_exist(db_path, NULL); if (lp_parm_bool(-1, "groupmap", "nosync", False)) { @@ -74,7 +77,13 @@ static bool init_group_mapping(void) if (ret != LDB_SUCCESS) { goto failed; } - + + /* force the permissions on the ldb to 0600 - this will fix + existing databases as well as new ones */ + if (chmod(db_path, 0600) != 0) { + goto failed; + } + if (!existed) { /* initialise the ldb with an index */ struct ldb_ldif *ldif; |