From: Shwetha Acharya <Shwetha.K.Acharya@ibm.com>
Date: Wed, 1 Apr 2026 08:16:29 +0000 (+0530)
Subject: s3:idmap_tdb2: make idmap2.tdb non readable for others
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=afbcc92241e36d75bea7e39ca653af45f0526d93;p=thirdparty%2Fsamba.git

s3:idmap_tdb2: make idmap2.tdb non readable for others

Signed-off-by: Shwetha Acharya <Shwetha.K.Acharya@ibm.com>
Reviewed-by: Xavi Hernandez <xhernandez@redhat.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Anoop C S <anoopcs@samba.org>
---

diff --git a/source3/winbindd/idmap_tdb2.c b/source3/winbindd/idmap_tdb2.c
index d843aeea523..97f151f4236 100644
--- a/source3/winbindd/idmap_tdb2.c
+++ b/source3/winbindd/idmap_tdb2.c
@@ -113,7 +113,7 @@ static NTSTATUS idmap_tdb2_open_db(struct idmap_domain *dom)
 	NT_STATUS_HAVE_NO_MEMORY(db_path);
 
 	/* Open idmap repository */
-	ctx->db = db_open(ctx, db_path, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0644,
+	ctx->db = db_open(ctx, db_path, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0640,
 			  DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE);
 	if (ctx->db == NULL) {
 		DEBUG(0, ("Unable to open idmap_tdb2 database '%s'\n",