s3:idmap_tdb2: make idmap2.tdb non readable for others

author Shwetha Acharya <Shwetha.K.Acharya@ibm.com>

Wed, 1 Apr 2026 08:16:29 +0000 (13:46 +0530)

committer Anoop C S <anoopcs@samba.org>

Tue, 7 Apr 2026 15:09:38 +0000 (15:09 +0000)
author Shwetha Acharya <Shwetha.K.Acharya@ibm.com>
Wed, 1 Apr 2026 08:16:29 +0000 (13:46 +0530)
committer Anoop C S <anoopcs@samba.org>
Tue, 7 Apr 2026 15:09:38 +0000 (15:09 +0000)
diff --git a/source3/winbindd/idmap_tdb2.c b/source3/winbindd/idmap_tdb2.c

index d843aeea5239a9408ceb48b49f5586745fc6abd1..97f151f42361244e05478cf2076652298dec456b 100644 (file)
--- a/source3/winbindd/idmap_tdb2.c
+++ b/source3/winbindd/idmap_tdb2.c
@@ -113,7 +113,7 @@ static NTSTATUS idmap_tdb2_open_db(struct idmap_domain *dom)
         NT_STATUS_HAVE_NO_MEMORY(db_path);
  
         /* Open idmap repository */
-       ctx->db = db_open(ctx, db_path, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0644,
+       ctx->db = db_open(ctx, db_path, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0640,
                           DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE);
         if (ctx->db == NULL) {
                 DEBUG(0, ("Unable to open idmap_tdb2 database '%s'\n",
author	Shwetha Acharya <Shwetha.K.Acharya@ibm.com>
	Wed, 1 Apr 2026 08:16:29 +0000 (13:46 +0530)
committer	Anoop C S <anoopcs@samba.org>
	Tue, 7 Apr 2026 15:09:38 +0000 (15:09 +0000)