[Samba] security bug or misconfiguration ?

Hans B. Randgaard HBR at maerskoil.dk
Mon Oct 28 19:43:32 GMT 2002

Dear list,

We are experiencing users unexpectedly accessing each others files.
It happens when they try to access files that are called the same and which
is located in an equal file structure under their login drive. Two other
need to be fulfilled: one of the users needs to have the file locked and
both users
needs to be logged into the same Citrix server(windows-2000).

For instance if userA uses Outlook to open a PST file located here:
L:\user.pst and
userB tries to open L:\user.pst, it fails for userB even though the file
L:\user.pst are
different files since L: is the login drive for the user.

The login drive is defined in smb.conf as:

	comment = Users home directory (L:)
	path = /pcstorage/%G/users/%U
	read only = No
	inherit permissions = Yes
	create mask = 0600
	directory mask = 0700

"user$" is referred to in the user profile on the NT PDC(\\pcserver\user$).
%G resolves to the primary UNIX group that the user belongs to and
%U resolves to the UNIX user ID.
The file structure on the UNIX server is layed out as this:



This setup has been working fine for some time now, but suddenly we
found out that some files in the users personal area were overwritten by
other users.
The Outlook example above will not overwrite, but is an easy test to prove
described functionality.

The question is:

Is this a bug or is our Samba setup misconfigured ?

We run Samba-2.2.5 with ACL support and winbind on Solaris-8.

Below is our smb.conf file:

        workgroup = DOMAIN1
        netbios name = storage1
        netbios aliases = pcstorage
        interfaces = ge0
        security = DOMAIN
        encrypt passwords = Yes
        password server = dc01, dc02, mailsrv
        wins server =
# User that have all rights on all shares regardless of the permissions:
        admin users = DOMAIN1+hbr,DOMAIN1+rbh
        log file = /usr/local/samba/var/log.%m
        max log size = 100
        local master = No
        deadtime = 180
        username map = /usr/local/samba/lib/users.map

        # separate domain and username with '+', like DOMAIN+username
        winbind separator = +
        winbind cache time = 3600
        # use uids from 10000 to 20000 for domain users
        winbind uid = 10000-20000
        # use gids from 10000 to 20000 for domain groups
        winbind gid = 10000-20000
        # allow enumeration of winbind users and groups
        winbind enum users = yes
        winbind enum groups = yes
        client code page = 850
        character set = ISO8859-1
        valid chars = ø:Ø

	comment = Users home directory (L:)
	path = /pcstorage/%G/users/%U
	read only = No
	inherit permissions = Yes
	create mask = 0600
	directory mask = 0700
Rest of the drives...

I hope some of you have been in the same situation or can tell me what
is wrong.

Thanks very much in advance.

Kind regards, Hans.

This e-mail and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to which they 
are addressed. If you have received this e-mail in error please notify 
the system manager at hotline at maerskoil.dk.

This e-mail and its contents do not constitute and shall not be 
considered as a financial commitment of Maersk Olie og Gas AS 
and its affiliates. 
Maersk Olie og Gas AS expressly disclaims any responsibility
as to the accuracy and use of this e-mail and its contents.

More information about the samba mailing list