easy access to root home dir.

Andrew Bartlett abartlet at pcug.org.au
Sun Feb 4 21:21:37 GMT 2001


"David W. Chapman Jr." wrote:
> 
> I decided to try this as it intrigued me, but to my surprise I can also view
> any users home directory including root.  I'm running samba-2.2.0-alpha2 on
> freebsd 4.2-stable

What are the permissions on these directories?  Log into the machine (i.e.
with ssh) as an unprivileged user: can you 'cd ~root'?  If you can, you
have bigger worries than that samba lets you do this.  
Samba does not attempt to enforce arbitrary restrictions on you, it
simply uses the underlying unix permissions - other restrictions (like
valid users = %S) are simply hacks that cover up serious flaws in your
file permissions.
If an unprivileged user cannot cd into these directories then samba is
at fault, and similarly these hacks probably don't actually help - samba
should be fixed.  (Note that on some systems home directories are mode
755, I always run home directories mode 700 as is standard on RedHat
systems).

Hope this clarifies things,
Andrew Bartlett

> 
> > So I tried accessing any other valid home directory and I had no problem.
> >
> > The scary part is that I tried \\samba_server\root and it worked. I can
> > access any users home dir in the /etc/passwd file. I'm sure this isn't
> > wanted by most Samba Admins.
> >
> > I thought I prevented this with invalid users option
> >
> > What configuration option prevents this?
> >
> >
> > I just read the using samba book about 3 times and couldn't find any way
> > to fix this problem.

-- 
Andrew Bartlett
abartlet at pcug.org.au
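The check Andrew describes above (log in as an unprivileged user and see whether you can cd into other people's home directories) can be done for every account at once by reading the passwd file and looking at the group and "other" bits of each home directory. The script below is an added example written for this page, not code from the thread or from the Samba project. It assumes a POSIX sh with ls, cut and mktemp, and it builds its own constructed sample passwd file and home directories (modes 700, 755 and 750) under a temporary directory so it runs offline; on a real machine you would pass /etc/passwd instead.

```shell
#!/bin/sh
# Audit the home directories listed in a passwd-format file and report
# those that group or "other" can enter (execute bit set). These are the
# directories an unprivileged local user can "cd" into directly, which is
# also what Samba's [homes] share will let that user reach, since Samba
# just follows the underlying unix permissions.
# Added example for this page; assumes POSIX sh, ls, cut and mktemp.

# audit_homes PASSWD_FILE
# Prints "user home mode" for every entry whose home directory has an
# execute bit (x, or s/t which imply execute) in the group or other triplet.
audit_homes() {
    while IFS=: read -r user _pw _uid _gid _gecos home _shell; do
        # Skip entries whose home does not exist (system accounts, typos).
        [ -d "$home" ] || continue
        # ls -ldL prints e.g. "drwxr-xr-x ..."; keep the 10 mode characters
        # (-L follows a symlinked home so the target's mode is reported).
        mode=$(ls -ldL "$home" | cut -c1-10)
        # Characters 5-10 are the group and other triplets.
        case "$(printf '%s' "$mode" | cut -c5-10)" in
            *[xst]*) printf '%s %s %s\n' "$user" "$home" "$mode" ;;
        esac
    done < "$1"
}

# make_sample
# Builds a constructed passwd file plus three home directories with the
# modes discussed in the thread under a temporary directory and prints
# the path of that passwd file. Sample data only, not from a real system.
make_sample() {
    base=$(mktemp -d)
    mkdir -p "$base/root" "$base/alice" "$base/bob"
    chmod 700 "$base/root"    # closed: only the owner can enter
    chmod 755 "$base/alice"   # the common default on some systems
    chmod 750 "$base/bob"     # members of bob's group can still enter
    cat > "$base/passwd" <<EOF
root:x:0:0:Charlie Root:$base/root:/bin/sh
alice:x:1001:1001:Alice:$base/alice:/bin/sh
bob:x:1002:1002:Bob:$base/bob:/bin/sh
nobody:x:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
EOF
    printf '%s\n' "$base/passwd"
}

# Stand-alone run against the constructed sample: expect alice (755) and
# bob (750) to be reported and root (700) to be silent.
sample=$(make_sample)
audit_homes "$sample"
```

Anything this script reports is reachable by other local users regardless of what smb.conf says, which is the point of the reply: the fix is chmod 700 on the home directory, not a Samba-side restriction. A directory that is only group-accessible (750) still shows up, because any user in that group can enter it.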

