[Samba] Home directories and "guest ok" (was: Samba 2.2.3-1 package concerns)

Federico Sevilla III jijo at leathercollection.ph
Tue Feb 5 12:36:18 GMT 2002 

Eloy,
(cc Steve Langasek)
(cc Samba Mailing List)

Thank you very much for your timely response and your accurate assessment
of the situation with browsing home directories.

I'm sending a copy of this reply to the Samba mailing list since it looks
like my questions to follow don't have much to do with the Debian package
per se, anymore.

On Tue, 5 Feb 2002 at 10:43, Eloy A. Paris wrote:
> What's happening is that there is a system user called 'backup' (see
> /etc/passwd, see the home directory for this user) and the [homes] share
> in smb.conf is creating the 'backup' user's home directory on the fly.
> If you can browse the share you need to check the value of 'guest ok'.
> If it is 'yes' then the contents of your [homes] shares will be visible
> to anyone.

[Introduction to the Samba list: I found out quite by accident that if I
browsed //myserver/backup I got a list of files in /var/backups, which I
later found out thanks to Eloy is because Samba is browsing the home
directory of the user 'backup' which is /var/backups.]

According to the smb.conf(5) manpage "guest ok" is supposed to be defined
per service. I just checked my smb.conf and found that "guest ok = yes"
was only set in my netlogon, and printers services. Neither the "guest ok"
nor "public" directives appeared anywhere else.

I've already removed all "guest ok" directives for debugging purposes and
have found that one can still browse //myserver/backup (or the home
directories of other system accounts). Note, however, that at this point a
user -is- logged on. The server doesn't show anything to a computer where
a user has not properly logged on.

I also tried setting "guest ok = no" in the homes service, but browsing
the home directories of accounts like the 'backup' user is still possible.

This is not really that critical, since connections are made using the
user's account so one is still limited to his/her permissions. But it's
still not very nice. I wonder what's going on. Any ideas?

Thanks a lot in advance! :)

 --> Jijo

--
Federico Sevilla III  :: jijo at leathercollection.ph
Network Administrator :: The Leather Collection, Inc.
GnuPG Key: http://jijo.leathercollection.ph/jijo.gpg

More information about the samba mailing list