[Samba] mount other users with 0755 perms

garvald at bluemail.ch garvald at bluemail.ch
Tue Jun 17 09:15:17 GMT 2003


In response to my original Q (see below) I'm sending my entire smb.conf in
the hope that someone can tell me why users' homedirs in an nfs/nis environment
aren't protected:

[global]
; Basic server settings
netbios name = hop
workgroup = guard

# security addition from SANS http://www.sans.org/top20/#W6
lanman auth = no
min protocol = NT1
lm announce = no

# Files with permissions set to prevent access shouldn't even appear
hide unreadable = yes

# Prevent browsing by default
browseable = no

domain admin group = gentot

; we should act as the domain and local master browser
os level = 64
preferred master = yes
domain master = yes
local master = yes

hosts deny = 0.0.0.0/0

hosts allow = 1.2.3.4

# tells Samba to use a separate log file for each machine that connects
log file = /scratch/local/app/samba/current/var/log.%m

# default is only to log critical messages
log level = 1

# Put a capping on the size of the log files (in Kb).
max log size = 90

# this option gives better performance
# See speed.txt and the manual pages for details
socket options = TCP_NODELAY

; security settings (must be security = user)
security = user

; encrypted passwords are a requirement for a PDC
encrypt passwords = yes

; support domain logons
domain logons = yes
; where to store user profiles?
logon path = \\hop\profiles\%u

; where is a user's home directory and where should it
; be mounted at?
logon drive = Y:

; specify a generic logon script for all users
; this is a relative **DOS** path to the [netlogon] share
logon script = logon.bat

; necessary share for domain controller
[netlogon]
path = /scratch/local/app/samba/current/lib/netlogon
read only = yes
write list = gentot

; share for storing user profiles
[profiles]
path = /export/smb/profiles/%u
read only = no
create mask = 0600
directory mask = 0700

load printers = yes
printing = cups
printcap name = cups
printer admin = gentot

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
public = yes
guest ok = no
writable = no
printable = yes
printer admin = gentot

[print$]
comment = Printer Config
path = /export/smb/cups
browseable = yes
guest ok = no
read only = yes
write list = gentot

[homes]
guest ok        = no
read only       = no
create mask     = 0700
directory mask  = 0700
preserve case   = yes
locking         = no
oplocks         = no



>-- Original-Message --
>Date: Sun, 15 Jun 2003 22:45:27 -0400
>From: Mark Verhyden <marksv at earthlink.net>
>To:  garvald at bluemail.ch
>Subject: Re: [Samba] mount other users with 0755 perms
>
>
>Please post your entire smb.conf file in order for people to see the 
>whole picture.
>
>Mark
>
>garvald at bluemail.ch wrote:
>> Hello
>> I recently set up samba v 2.2.8a and have the following options for [homes]
>> set in my smb.conf:
>> 
>> [homes]
>> guest ok        = no
>> read only       = no
>> create mask     = 0700
>> directory mask  = 0700
>> preserve case   = yes
>> locking         = no
>> oplocks         = no
>> 
>> I'm on a NIS/NFS net. The problem is I can mount anyone else's directory with
>> no password if they have 0755 homedir perms. No username/password login appears,
>> the directory is mounted and I have access to all files. Other directories
>> which do not allow world access produce an error saying they're not accessible,
>> which isn't good, I would prefer a username + pwd window to appear.
>> 
>> What options do I need in order to protect 0755 dirs and for all directories
>> to be accessible through username + pwd?
>> 
>> thanks for the help
>> AlanCB
>> 
>
>
>
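
An added example, not part of the original post or of Samba: a small Python check that parses an smb.conf and reports a [homes] share whose "valid users" does not contain %S, the macro Samba expands to the share name (for [homes], the user name). It assumes the intent is that only the owner may connect to each home share; the RESTRICTED variant and the function names are constructed for illustration.

```python
import re

# Constructed input: the [homes] stanza as posted, and a hypothetical
# variant that adds "valid users = %S" (not part of the poster's file).
POSTED = """\
[global]
security = user
domain logons = yes

[homes]
guest ok        = no
read only       = no
create mask     = 0700
directory mask  = 0700
"""
RESTRICTED = POSTED + "valid users     = %S\n"


def parse_smb_conf(text):
    """Return {section: {param: value}}. Names are lower-cased with spaces
    removed, since Samba ignores case and whitespace in parameter names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current["".join(key.lower().split())] = value.strip()
    return sections


def audit_homes(text):
    """Flag a [homes] share that accounts other than the owner may open."""
    conf = parse_smb_conf(text)
    if "homes" not in conf:
        return []
    # Share parameters set in [global] act as defaults for every share.
    valid = conf["homes"].get("validusers",
                              conf.get("global", {}).get("validusers", ""))
    if "%S" in re.split(r"[,\s]+", valid):   # %S expands to the share name
        return []
    return ["[homes]: 'valid users' lacks %S; accounts other than the owner "
            "may connect to a home share, leaving only Unix mode bits "
            "(e.g. 0755) to decide access"]
```

The create mask and directory mask settings in the posted stanza apply to files and directories created through Samba, so they do not change what an existing 0755 home directory exposes.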