[Samba] "/" shows up as home directory for "nobody" - available to any user

Christian Barth barth at cck.uni-kl.de
Thu Apr 25 09:40:04 GMT 2002


> Thanks, that was it.
> But: wouldn't it be better if there were no share for "nobody" in the first
> place?

That is due to the way [homes] turns into shares. It is explained in man 
smb.conf and essentially works like this: when you connect to a share, 
it first checks whether the share is explicitly defined. And if not, 
whether it can be generated from the user names in /etc/passwd. 
That way anyone can connect to any home directory. 
So User1 can also connect to \\server\User2, to \\server\xfs, \\server\root, . 
And nobody is always there, among other things because of browsing, cf. 
smbstatus ... That is another reason to always pay attention to the 
correct Unix permissions. Valid Users = %S prevents exactly this 
behaviour. I got caught by this myself ;-)

Christian




> Thomas
> 
> Thomas Klettke
> thomask at aesbus.com
> Network Administrator
> Aesbus Knowledge Solutions
> 4606 FM1960 West, Suite 610
> Houston, TX 77069
> 
> phone: +1 (281) 587-2247 ext 111
> fax: +1 (281) 587-1593
> fax in Deutschland: (089) 2443 - 10378
> 
> "The instructions said to use Windows 98 or better, so I installed RedHat."
> 
> 
> -----Original Message-----
> From: samba-admin at lists.samba.org [mailto:samba-admin at lists.samba.org]On
> Behalf Of Christian Barth
> Sent: Thursday, April 25, 2002 11:03 AM
> To: samba at lists.samba.org; Thomas Klettke
> Subject: Re: [Samba] "/" shows up as home directory for "nobody" -
> available to any user
> 
> 
> > Strange thing:
> > After being logged on to samba-PDC (2.2.3a, LDAP) I see besides the user's
> > home directory a home directory for user "nobody" - containing the root
> > file system of my samba server.
> > The relevant parts in smb.conf look like this:
> >
> > guest account = pcguest	(if not set it defaults to "nobody" - this should
> > turn it off)
> >
> > [homes]
> > comment = Home Directories
> > browseable = no
> > writable = yes
> >
> >
> > The entry in /etc/passwd for "nobody" is:
> > nobody:x:99:99:Nobody:/:/sbin/nologin
> >
> > There is no entry for "nobody" in the LDAP database, nor is there anywhere
> > an account for "guest".
> >
> >
> > Looks like this entry is the key - the "/" for the home dir.
> > Since I really don't want everybody to have read access to everything on
> > my hard drive, can anyone point me to how I can fix this?
> > I guess, I could change nobody's home dir to something else - but what
> > would that break?
> > I'd rather find out why samba shares it out to begin with - is there a way
> > to turn it off?
> Add:
>   valid users = %S
>   # [homes] creates shares of the form [<username>]
>   # Any user can connect to any of these shares, including those of
>   # the system accounts !!
>   # the entry above prevents that.
> To the [homes] section in smb.conf. You may leave out the comment :-)
> With this "valid users" only an authenticated nobody can access its
> home through samba. And with your /etc/passwd there will never be an
> authenticated nobody.
> 
> Christian
> 
>                _(_)_                          wWWWw   _
>    @@@@       (_)@(_)   vVVVv     _     @@@@  (___) _(_)_
>   @@()@@ wWWWw  (_)\    (___)   _(_)_  @@()@@   Y  (_)@(_)
>    @@@@  (___)     `|/    Y    (_)@(_)  @@@@   \|/   (_)\
>     /      Y       \|    \|/    /(_)    \|      |/      |
>  \ |     \ |/       | / \ | /  \|/       |/    \|      \|/
> jgs|//   \\|///  \\\|//\\\|/// \|///  \\\|//  \\|//  \\\|//
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 


               _(_)_                          wWWWw   _
   @@@@       (_)@(_)   vVVVv     _     @@@@  (___) _(_)_
  @@()@@ wWWWw  (_)\    (___)   _(_)_  @@()@@   Y  (_)@(_)
   @@@@  (___)     `|/    Y    (_)@(_)  @@@@   \|/   (_)\
    /      Y       \|    \|/    /(_)    \|      |/      |
 \ |     \ |/       | / \ | /  \|/       |/    \|      \|/
jgs|//   \\|///  \\\|//\\\|/// \|///  \\\|//  \\|//  \\\|// 
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
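
The share-generation behaviour described in the reply, as an added audit sketch that is not part of the original thread: it lists which /etc/passwd accounts a [homes] section would expose as shares to other users when `valid users = %S` is missing. The function names, the sample accounts other than "nobody", and the UID threshold are assumptions.

```python
# Constructed sample input; the [homes] block and the "nobody" line mirror the thread.
SMB_CONF = """\
[global]
guest account = pcguest
[homes]
comment = Home Directories
browseable = no
writable = yes
"""
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
nobody:x:99:99:Nobody:/:/sbin/nologin
user1:x:1001:1001::/home/user1:/bin/bash
"""
SYSTEM_UID_MAX = 499  # assumption: UIDs up to 499 are system accounts on this host

def section_params(conf_text, wanted):
    """Return one smb.conf section's parameters as a dict, or None if it is absent."""
    params, current = None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            if current == wanted and params is None:
                params = {}
        elif current == wanted and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def homes_exposure(conf_text, passwd_text):
    """List (share, path, note) for generated home shares not limited to their owner."""
    homes = section_params(conf_text, "homes")
    if homes is None:
        return []  # no [homes] section, so no shares are generated from passwd
    allowed = homes.get("valid users", "").replace(",", " ").split()
    if allowed == ["%S"]:
        return []  # only the user whose name equals the share name may connect
    findings = []
    for entry in passwd_text.splitlines():
        fields = entry.split(":")
        if len(fields) < 7:
            continue
        user, uid, home = fields[0], int(fields[2]), fields[5]
        note = ("exports root filesystem" if home == "/" else
                "system account" if uid <= SYSTEM_UID_MAX else "user home")
        findings.append((user, home, note))
    return findings
```

Any `valid users` value other than exactly `%S` is still reported so it can be reviewed by hand; Unix permissions on each path continue to apply either way.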