[Samba] How to tell Samba not to use the passwd file
Gerald (Jerry) Carter
jerry at samba.org
Tue Jan 3 17:30:44 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dwight Tovey wrote:
>>set an invalid users line in [global]
>>
>> invalid users = daemon bin lpd mail .....
>>
> Well, not quite. As I understand the smb.conf man page,
Did you actually test it? Or just read the man page. This use to
be enough to prevent system account home directories.
> I don't disagree that I had it misconfigured. But I wonder
> how many other people with PDCs running have this same
> misconfiguration. Given that this could potentially leave
> the Unix system completely open, I wonder if section 17.5.2
> of the Samba 3 Howto should stress more about the dangers
> of allowing access to other users home directories,
> especially these "system" users.
It doesn't leave the Unix system wide open. You only get the access
that you would have at a shell prompt. Now something like
'admin users = +users' would be a serious misconfiguration but that
type of thing is mentioned in the smb.conf(5) man page.
cheers, jerry
=====================================================================
Alleviating the pain of Windows(tm) ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"There's an anonymous coward in all of us." --anonymous
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDurTEIR7qMdg1EfYRAopnAKCp0FinVgWas01T9m0i1eF4Ja/bQACg0XMN
bB5p0gVPIGKY2o761qeJ6ic=
=mFe0
-----END PGP SIGNATURE-----
More information about the samba
mailing list