help! all users able to map other's home drive

James B Curry jbcurry at hline.localhealth.net
Tue Aug 22 21:15:37 GMT 2000 

"Melissa M. Thrush" wrote:
> 
> All,
> 
> I recently upgraded to Samba 2.0.7 and have it running as a PDC on a Sun
> Solaris 2.6 box.
> 
> Today I noticed that if the file permissions on a user's unix home
> directory isn't 700 (rwx------) then others can "map" their account from
> the command prompt.  So if I'm logged into my WinNT client as userA my
> home drive automatically maps.  If I open up a command prompt window and
> type:  net use X: \\sambaserver\userB
> userB's account maps to X!

Yes.  This is the way I would expect a default install of Samba to
behave.  Without specific instructions in the smb.conf file, the shared
resources will allow whatever the unix account will allow.
But, since you said "upgrade", I assume that you had a previous version
of Samba installed?  Furthermore, this is not the way your shares used
to behave?  If both of these assumptions are true, my guess is that the
upgrade overwrote or modified your smb.conf file.  Hopefully, you have a
copy somewhere that you can use to reconstruct the new smb.conf file to
your liking.

> What could be causing this?  If I go to Network Neighborhood on userA's
> client and go to the sambaserver I don't see userB's folder browsing until
> after I've successfully mapped it from the command prompt.

The "browseable = no" parameter is what hides the share from the Network
Neighborhood.  That does not prevent a user from explicitly mapping to
the share if they know the share name.  To limit access to the share,
you will need to either set the permissions in unix (like the example
you mentioned, 700) or you need to add some parameters in smb.conf for
that share, such as "valid users =" or "invalid users =", etc...

It would not do you much good for me to elaborate further.  It would be
best if you got hold of some decent Samba documentation, such as "SAMS
Teach Yourself Samba in 24 Hours" or O'Reilly's "Using Samba".  Chapters
on File Sharing or on smb.conf will help you considerably.

> [homes]
>    comment = Home Directories
>    browseable = no
^^^ This prevents Network Neighborhood browsing
>    read only = no
^^^ Even if "read only = yes", "write list =" will override it
>    create mode = 0755
^^^ Maximum rights Samba will allow when users create files/dirs
    (Won't prevent read/write/exec rights for existing files/dirs)
>    guest ok = no
^^^ "guest ok = yes" would allow access without a valid username/pwd

More information about the samba-ntdom mailing list