[Pkg-samba-maint] Merging more Ubuntu changes?
Andrew Bartlett
abartlet at samba.org
Fri Dec 29 07:44:50 UTC 2006
On Thu, 2006-12-28 at 17:26 -0800, Steve Langasek wrote:
> On Tue, Dec 19, 2006 at 07:59:04AM +0100, Christian Perrier wrote:
> > > * debian/smb.conf:
> > > - Do not show the version number by default
>
> > I tend to agree with that one. Seeing all these "(samba x.y.z)"
> > servers on my network is annying..:-)
>
> I think this might have been done originally in response to upstream's
> concerns about our Samba builds not having a distinguishing version?
> Anyway, this is also a potential information leak to an attacker, so I don't
> object to the change.
We still report it to an anonymous session setup.
> > > - Comment out the default [homes] shares and add more verbose comments to
> > > explain what they do and how they work (closes: launchpad.net/27608)
>
> > ie not sharing homes by default....Any comments from other team members?
>
> I think homes should be shared by default.
>
> The launchpad bug report is an entertaining read. :)
:-)
> > > - Add a "valid users = %S" stanza to the commented-out [homes] section,
> > > to show users how to restrict access to \\server\username to only
> > > username.
>
> > Sounds fair.
>
> I wouldn't want to use such an example without consulting upstream first
> about its appropriateness. It's been a long time since I've bothered trying
> to use 'valid users = %foo' to secure home shares.
Yes, the 'valid users = %S' is recommended. Actually, the usual
complaint is about the games share, but nobody tries 'bin' and such...
> > > - Change the (commented-out) "printer admin" example to use "@lpadmin"
> > > instead of "@ntadmin", since the lpadmin group is used for spool admin.
>
> > Sounds fair
>
> This has security implications. It's not obvious that the set of admins for
> the local Unix printer spools is congruent to the set of admins for the NT
> printer drivers; unless someone can show why this should be the case, I
> object to such a change.
I'm pretty sure printer admin is depricated anyway
> > > * debian/panic-action:
> > > - Alter the panic-action script to encourage users to report their
> > > bugs in Ubuntu packages to Ubuntu, rather than reporting to Debian.
> > > Modify text to more closely match the Debian script
>
> > We could maybe make part of this script more easily configurable for
> > CDD by using variable parts that could be setup in /etc/default/samba
>
> No objections in principle.
>
> > > * debian/samba-common.templates:
> > > - Set default workgroup to MSHOME
>
> > Well, the current "DEBIAN_FANS" we have sounds a bit childish to
> > me. However, I'm unsure abnout the choice of "MSHOME" by Ubuntu...
>
> I wonder if we still have the debconf bug that prevents you from actually
> changing this workgroup name at install time? :/
Perhaps just leave it as the default of WORKGROUP?
> > > * debian/control:
> > > - remove typehandling
> > > - add update-inetd to Depends
>
> > Should be investigated.
>
> Yes, samba currently depends on netbase for use of update-inetd. Now that
> there is an update-inetd package, we should transition, but no hurry.
>
> > > * debian/samba-common.config:
> > > - do not change priority to HIGH if dhclient3 is installed
>
> > Interesting change. To be discussed
>
> Given the default is 'no', as it must be for policy reasons, I think we
> would still want this as a high-prio question, personally.
>
> > > - do not install mount.cifs and umount.cifs as suid
>
> > Well, that would be a regression for our users. Should we ask a
> > debconf question about this ?
>
> Ugh, no. :)
>
> I'm averse to making any changes to the mount helpers without a very, very
> thorough examination and discussion with upstream. But I'm even more averse
> to adding debconf questions for things like permissions. :)
>
> Cheers,
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20061229/f12f1f67/attachment-0001.pgp
More information about the Pkg-samba-maint
mailing list