> The correct way to handle this is to have a 'winbind_priv' group, put > squid and any other apps (apache for mod_ntlm_winbind?) you must have > access the winbind pipe in it, and set that group on the directory. > > In squid, you do *not* specify the effective group id, instead you > ensure the primary and supplementary groups for squid are squid > (primary) and winbind_priv (secondary). At startup, squid will > initgroups() to get the right privileges.
So, well, this means that this bug report should then be cloned to both squid and samba packages: -samba: use a winbind_priv (or whatever the maintainers choose to name it) group and change group ownership of /var/run/samba/winbindd_privileged to it -squid: make the squid user member of the winbind_priv group And probably the same for the www-data user the Apache server runs with. Eloy, Steve, I guess it's up to you to decide whether this is worth it. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
