On Tue, May 03, 2005 at 11:14:07AM +0200, Christian Perrier wrote:
> > The correct way to handle this is to have a 'winbind_priv' group, put
> > squid and any other apps (apache for mod_ntlm_winbind?) you must have
> > access the winbind pipe in it, and set that group on the directory.
> >
> > In squid, you do *not* specify the effective group id, instead you
> > ensure the primary and supplementary groups for squid are squid
> > (primary) and winbind_priv (secondary). At startup, squid will
> > initgroups() to get the right privileges.
>
> So, well, this means that this bug report should then be cloned to
> both squid and samba packages:
>
> -samba: use a winbind_priv (or whatever the maintainers choose to name
>  it) group and change group ownership of
>  /var/run/samba/winbindd_privileged to it
> -squid: make the squid user member of the winbind_priv group
>
> And probably the same for the www-data user the Apache server runs
> with.
>
> Eloy, Steve, I guess it's up to you to decide whether this is worth
> it.

Mmm, I think this is probably best left to the local admin, at least for the
time being.

--
Steve Langasek
postmodern programmer
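
Added example, not part of the thread or of either package: a small audit a local admin could run over passwd/group data to confirm the layout discussed above (privileged directory owned by group winbind_priv, squid keeping its own primary group and holding winbind_priv as a supplementary one). The function names, the sample uids/gids, and the 0750 mode are constructed for illustration.

```python
import stat

# Constructed sample data (not from a real host): passwd/group excerpts.
PASSWD = """squid:x:13:13:squid:/var/spool/squid:/bin/false
www-data:x:33:33:www-data:/var/www:/bin/sh
"""
GROUP = """squid:x:13:
www-data:x:33:
winbind_priv:x:120:squid
"""

def parse_groups(text):
    """Map group name -> (gid, set of supplementary members) from /etc/group text."""
    groups = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            name, _pw, gid, members = line.strip().split(":", 3)
            groups[name] = (int(gid), {m for m in members.split(",") if m})
    return groups

def parse_primary_gids(text):
    """Map user name -> primary gid from /etc/passwd text."""
    return {f[0]: int(f[3]) for f in
            (l.split(":") for l in text.splitlines() if l.strip() and not l.startswith("#"))}

def audit(passwd, group, dir_mode, dir_gid, users, priv_group="winbind_priv"):
    """Return a list of findings; an empty list means the layout matches the advice."""
    groups, primary = parse_groups(group), parse_primary_gids(passwd)
    if priv_group not in groups:
        return [f"group {priv_group} does not exist"]
    priv_gid, members = groups[priv_group]
    findings = []
    if dir_gid != priv_gid:
        findings.append(f"directory group is not {priv_group}")
    if dir_mode & stat.S_IRWXO:
        findings.append("directory grants access to 'other'")
    if not dir_mode & stat.S_IXGRP:
        findings.append("group members cannot enter the directory")
    for user in users:
        if user not in primary:
            findings.append(f"{user}: no such user")
        elif primary[user] == priv_gid:
            findings.append(f"{user}: {priv_group} is the primary group, expected supplementary")
        elif user not in members:
            findings.append(f"{user}: not a member of {priv_group}")
    return findings

if __name__ == "__main__":
    # 0o750 and gid 120 stand in for os.stat() results on the privileged directory.
    for finding in audit(PASSWD, GROUP, 0o750, 120, ["squid", "www-data"]):
        print(finding)
```

On a live system, feed it the contents of /etc/passwd and /etc/group plus the st_mode and st_gid from os.stat() on /var/run/samba/winbindd_privileged.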