[Samba] user are able to access "/" partition.

Dhillon, Gurjit dhillon.gs at pg.com
Tue May 15 02:28:10 GMT 2007 

-----Original Message-----
From: Gianluca Culot [mailto:gianlucaculot at dmsware.com] 
Sent: Monday, May 14, 2007 6:44 AM
To: Dhillon, Gurjit; samba at lists.samba.org
Subject: R: [Samba] user are able to access "/" partition.


> -----Messaggio originale-----
> Da: samba-bounces+gianlucaculot=dmsware.com at lists.samba.org
> [mailto:samba-bounces+gianlucaculot=dmsware.com at lists.samba.org]Per
> conto di Dhillon, Gurjit
> Inviato: lunedi 14 maggio 2007 11.37
> A: samba at lists.samba.org
> Oggetto: [Samba] user are able to access "/" partition.
>
>
> Hi All.
>
>
>
> We have a samba server at our location. We are facing out with some
> issue. User who have the account on the server are able to access "/"
> root access.
>
> I have tried to add an extra line In Home sharing, which is "path =
%H",
> this lined solved my issue, but gave other issue. After implementing
> this line under Home share, I am not able to open any other user's
home
> directory which is shared to me or have access to open. If I try to
> access other user home, it simply open my own home directory, even the
> directory which I am not author... , I endup opening my own home
> directory instead of getting error.
>
>
>
> Can any one out some light in this issue, how can I configure My
samba,
> where I can access other's shared home directory and stop other user
to
> access "/" partition.
>
>
>
>
>
> Below is the output of configuration file. There are 2 conf file ,
> /etc/samba/smb.conf and /usr/samba/lib/smb.conf.NU-DEV0
>
>
>
> Cat  /etc/samba/smb.conf
>
>
>
> # Global parameters
>
> [global]
>
>         workgroup = TEST
>
>         server string = Test Samba Server
>
>         security = share
>
>         encrypt passwords = Yes
>
>         passwd program = /usr/bin/passwd %u
>
>         passwd chat = *ew*password:* %n\n *e-enter*new*password:* %n\n
>
>         max log size = 5000
>
>         log level = 2
>
>         name resolve order = host
>
>         socket options = TCP_NODELAY
>
> #       vfs objects = sgistats
>
>         use sendfile = No
>
>         max xmit = 65535
>
>         strict locking = no
>
>         printcap name = lpstat -t
>
>         os level = 0
>
>         oplocks = No
>
>         kernel oplocks = No
>
>         level2 oplocks = No
>
>         preferred master = No
>
>         local master = No
>
>         domain master = No
>
>         dns proxy = No
>
>         comment = Samba %v
>
>         guest account = guest
>
> #WARNING: The "printer admin" option is deprecated
>
> #       printer admin = lp
>
>         printing = bsd
>
>         print command = /usr/samba/bin/sambalp %p %s %U %m
>
> #       dmapi support = yes
>
>
>
> smb passwd file =
> /usr/samba/dmf/journals/.samba/CAENFS/private/smbpasswd
>
> private dir = /usr/samba//dmf/journals/.samba/CAENFS/private
>
> log file = /usr/samba/dmf/journals/.samba/CAENFS/log/log.%m
>
> #lock dir = /usr/samba/dmf/journals/.samba/CAENFS/locks
>
> #pid directory = /dmf/journals/.samba/CAENFS/locks
>
> #bind interfaces only = yes
>
> netbios name = nu-dev0
>
> #interfaces = 143.5.145.55/255.255.255.192
>
> include=/usr/samba/lib/smb.conf.%L
>
>
>
> include=/usr/samba/lib/smb.conf.%L is  opening a file called
> /usr/samba/lib/smb.conf.NU-DEV0
>
>
>
> cat /usr/samba/lib/smb.conf.NU-DEV0
>
>
>
> [homes]
>
>         comment = Home Directories
>
>         read only = No
>
>         max connections = 5
>
>         browseable = YES
>
>
>
>
>
> [temp]
>
>         comment = test temp dirctory
>
>         path = /temp
>
>         admin users = bf6364, be9532
>
> #        write list = be9532
>
> #       browseable = Yes
>
>         read only = No
>
>
>
>
>
>
>
>
>
> Thanks
>
> Gurjit Dhillon
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

I would try to add
path = /usr/home
into [home] section

or some reason it's likely your implementation of samba is defaulting
path
to
path = /

this could be considered a security breach.... but... just add path to
the
section and try again

------------------------------------------------------------------------
------------------------------------------------------------------------
--------

We have the system customized, there are few user whose home directory
is under /corp/home/gurjit or /fem/home/gurjit1 or /family/home/gurjit2.
so I cannot mention path = /home/ 

How can I go about this now ??

Thanks
Gurjit Dhillon

More information about the samba mailing list