[Samba] Revisit - Re: Default Hidden Disk Shares

Robert Moskowitz rgm at htt-consult.com
Wed Oct 20 13:37:09 MDT 2010 

Not to flog a dead horse,,,,

I am building a replacement for my old NT server at home (been running 
undisturbed since '95) using the amahi.org distro, and turning on the 
advanced settings for PDC support.  I have done a few things with the 
Amahi developers and have made mods to the DNS and DHCP setup script to 
suit my needs.  Now for tackling the Samba stuff before configuring all 
new workstations as well (upgrading from W2K wrkstations to XP pro woo!).

I am not so interested in C$ to access the whole drive, but to access 
all the user shares.  So I was thinking about something like:

[C$]
     comment = CC
     path = /home
     writeable = yes
     browseable = no
     valid users = admin1, admin2
     write list = admin1, admin2
     create mask = 0775
     force create mode = 0664
     directory mask = 0775
     force directory mode = 0775

[D$]
     comment = DD
     path = /var/hda/files
     writeable = yes
     browseable = no
     valid users = admin1, admin2
     write list = admin1, admin2
     create mask = 0775
     force create mode = 0664
     directory mask = 0775
     force directory mode = 0775

Of course, the Amahi front end won't let me name a share with a $ in it 
(or at least ending in one), and I am having to edit the smb.conf file 
to get this setup.

Understanding that only Windows clients 'hide' $ shares, and given my 
goal of being able to view all shares from a couple shares, does this 
seem the way to go?

On 07/05/2010 02:04 PM, Robert LeBlanc wrote:
> The Windows client will hide any share that ends with a '$' whether or not
> it is an administrator share, it's doesn't know or care. In this case there
> is no difference between hidden and normal because to Windows they are both
> hidden. Give it a try sometime.
>
> If you hit the server with a Mac client, it shows all the shares (at least
> it used to, I haven't tried in a long time), even the c$, d$, etc. I think
> the Linux SMB clients also do the same. So to rely on 'server' to 'hide'
> these shares, is a very false sense of security. It's the actual client that
> does the hiding from normal users.
>
> Robert LeBlanc
> Life Sciences&  Undergraduate Education Computer Support
> Brigham Young University
>
>
> On Mon, Jul 5, 2010 at 2:43 AM, Atkinson, Robert<RATKINSON at tbs-ltd.co.uk>wrote:
>
>    
>>   Robert, the discussion was around the hidden ‘$’ shares, not normal ones.
>>
>>
>>
>> Rob.
>>
>>
>>
>> *From:* Robert LeBlanc [mailto:robert at leblancnet.us]
>> *Sent:* 02 July 2010 19:15
>> *To:* Atkinson, Robert
>> *Cc:* Jeremy Allison; samba at lists.samba.org
>>
>> *Subject:* Re: [Samba] Default Hidden Disk Shares
>>
>>
>>
>> On Fri, Jul 2, 2010 at 2:05 AM, Atkinson, Robert<RATKINSON at tbs-ltd.co.uk>
>> wrote:
>>
>> Interesting to see you say it's dangerous. The way the Windows version
>> works
>> is that you have to be part of the Administrator group to be able to see
>> them, which I would have thought secure enough?
>>
>>
>>
>> This is not true, the share is advertised to anyone who asks. The Windows
>> client only hides shares that end with a '$'. By default Windows gives
>> access only to administrators (by default), but they are by no means hidden.
>>
>>
>> Robert LeBlanc
>> Life Sciences&  Undergraduate Education Computer Support
>> Brigham Young University
>>
>>
>> ***********************************************************************************
>>
>> Any opinions expressed in email are those of the individual and not
>> necessarily those of the company. This email and any files transmitted with
>> it are confidential and solely for the use of the intended recipient or
>> entity to whom they are addressed. It may contain material protected by
>> attorney-client privilege. If you are not the intended recipient, or a
>> person responsible for delivering to the intended recipient, be advised that
>> you have received this email in error and that any use is strictly
>> prohibited.
>>
>>
>>
>> Random House Group + 44 (0) 20 7840 8400
>>
>> http://www.randomhouse.co.uk
>>
>> http://www.booksattransworld.co.uk
>>
>> http://www.kidsatrandomhouse.co.uk
>>
>> Generic email address - enquiries at randomhouse.co.uk
>>
>>
>>
>> Name&  Registered Office:
>>
>> THE RANDOM HOUSE GROUP LIMITED
>>
>> 20 VAUXHALL BRIDGE ROAD
>>
>> LONDON
>>
>> SW1V 2SA
>>
>> Random House Group Ltd is registered in the United Kingdom with company No.
>> 00954009, VAT number 102838980
>>
>>
>> ***********************************************************************************
>>
>>
>>
>>

More information about the samba mailing list