To use MySQL as CNID backend, afp.conf is written as follows.
cnid mysql host = localhost
cnid mysql user = <MySQL_user>
cnid mysql pw = <MySQL_password>
cnid mysql db = <MySQL_database_name>
path = /exports/netatalk
cnid scheme = mysql
afp.conf contains a clear text password for MySQL.
I'd like to prevent the password from non-root users, so I executed "chmod 600 afp.conf".
However, it does not work well.
afpd will run as user's ID when an user connects from OS X, so afpd cannot read afp.conf.
Of course, when afp.conf is 644, it works well.
I think it is a security hall on afp.conf, when MySQL is CNID backend.
A sample patch is attached.
Log in to post a comment.