[PATCH] Making shares unaccessible at root level mountable (aka solving bsc#8950 ...again)

Aurélien Aptel aaptel at suse.com
Thu Jun 9 16:50:27 UTC 2016

Small update: I've written a powershell script to reproduce the problem
(attached). If you're wondering I'm not using samba see my notes
about it [1].

On the window server:
- Edit $Dir (script will create parent dirs)
- Edit $LimitedUser/$AdminUser to an existing one
- Run the script as admin

On the linux client:
- Mount the share sub dir with the limited user credentials:
  mount //lutze/bug8950/sub/dir' /mnt \
        -o 'domain=LURCH,ip=,username=bill,password=*****,rw'

My second solution fails for the case when the dir *containing* the
shared dir restricts the limited user. See "HARD MODE" at the end
of the script.

1: http://diobla.info/stuff/bugs/bsc799133/#sec-4

Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3
SUSE Linux GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG
-------------- next part --------------
A non-text attachment was scrubbed...
Name: repro-8950.ps1
Type: application/octet-stream
Size: 1497 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160609/4899936b/repro-8950.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160609/4899936b/attachment.sig>

More information about the samba-technical mailing list