(no subject)

Luke Kenneth Casson Leighton lkcl at switchboard.net
Mon Apr 12 19:29:21 GMT 1999


> I believe point 2. is only true if users' home directories are set up on
> the unix side to allow others to browse; if permissions are og-x on the
> home directories, I don't think samba allows browsing into them either.

the stupid winlogon.exe process double-checks the individual path
components including the share.  if they do not exist it attempts to
create them [the path components].

> 2232 Piedmont Avenue #2120  -    Berkeley, California, 94720-2120 USA
> http://demog.berkeley.edu/~aperrin --------------------------SEIU1199
> 
> On Mon, 12 Apr 1999, Gil Freund wrote:
> 
> > Two points:
> > 
> > 1. The FAQs warn about using the easy way out (the /home share) since
> > windows maintains a link to that share, even when the user logs out.

this is a serious bug in windows (95 and nt) that microsoft has not
been able to reproduce or fix yet (it's been there for years), see
NTBUGTRAQ archives on NetWkstaUsers bug.

because the connection is still open, the browsing is done on this share.
because this share was opened by the previous user, the browsing is done
as the previously logged in user.

this is not good.

combine this with the other point: if you do not allow r-x permissions to
absolutely everybody then profiles will not work properly, because windows
cannot see the profile path components [as the incorrect user].

the solution is to have microsoft fix the damn problem, not compromise
your unix security.

luke


