/proc doesn't work with Samba
Dan Kaminsky
effugas at best.com
Thu Jun 24 22:04:40 GMT 1999
> > **Why in the world would you want to share /proc???
> >
> I suspect it's being shared as part of a share exporting the root
> directory. I usually use "dont descend" in these cases, anyway (i.e. for
> /dev and /proc). There are more convenience/saftey issues than there are
> security issues, really:
No, actually I explicitly *want* remote access to /proc. NT can get
remote performance metrics from other NT machines; /proc is a cheap and
*easy* way to get remote performance metrics from Unix machines for a
95/98/NT box.
> You generally don't want to be exporting /dev, as
> user poking
> around in Windows Explorer who happens, for instance, to have read access to
> an auto-rewind tape device (i.e. they're some sort of demi-admin on the Unix
> side) could end up suprising someone else when the tape drive tries to
> rewind as the poor sap is in the middle of loading it... /dev, especially in
> the Land of Big Iron, has just a little too much influence on the Real World
> to be casually poked from Explorer. I imagine opening /dev/zero in a text
> editor might yield some interesting effects in your network, too.
If an Average User can break a tape drive, that's the fault of the Unix
Security Architecture. I mean, you don't blame vi if /etc/passwd is fully
modifiable.
> /proc can do some funky things to Explorer, too, if it tries to
> recurse into it to compute directory sizes; think infinite recursion.
ls -R doesn't fail. Neither does du, though I assume for different
reasons.
Something like a "limit infinite recurse" parameter might help.
> (note for dont descend; for a root directory share, omit the leading
> slashes)
>
>
More information about the samba-technical
mailing list