[Samba] valid users = %S in rc4

Petty, Robert rpetty at DenverNewspaperAgency.com
Fri Sep 26 16:15:33 GMT 2003 

The problem I have with this, using 2.2.8a on Solaris is any user can open
any other's home if they simply know the name of the other user.  logging in
as rpetty, I can open NOBODY, ROOT, UUCP etc.  I have to be able to limit
the ability.  What perplexes me is that even when I am not sharing [homes],
I can still open the "NOBODY" share.  Since nobody's home directory was "/"
it would open the root directory!  In case it matters, I am using Winbind
for my security model (security = domain) but am having considerable issues
with querying trusted domains.  Winbind is being very painful with 7-9
second connection times for each share or files within shares.  This only
happens when the Winbind timeout time lapses so I've bumped it up to 300
seconds.  Not _as_ painful but still too painful for production.

> -----Original Message-----
> From: John H Terpstra [mailto:jht at samba.org]
> Sent: Friday, September 26, 2003 10:05 AM
> To: Chris Smith
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] valid users = %S in rc4
> 
> 
> Guys,
> 
> The homes share should be set to be "browsable = No".
> Do NOT set the "valid users = %S" on the homes share.
> 
> - John T.
> 
> 
> On Fri, 26 Sep 2003, Chris Smith wrote:
> 
> > On Friday 26 September 2003 10:26, Derek T. Yarnell wrote:
> > > I see this problem too. I thought that I was going crazy.
> > >
> > > On Fri, Sep 26, 2003 at 10:14:36AM -0400, Chris Smith wrote:
> > > > On Friday 26 September 2003 00:15, Hannu Tikka wrote:
> > > > > After upgrading rc2 -> rc4 (suse binary packages)
> > > > >
> > > > > line 'valid users = %S' in [homes] section prevents 
> user getting to his
> > > > > homedirectory
> > > >
> > > > Same change occured here when upgrading from 2.2.7a to 
> the 3.0.0 release.
> >
> > Not only that but here I also see the homes share exposed 
> twice in browse
> > lists, both as "homes" and also as the usersname with both 
> shares being the
> > users home directory for that user. This is also different 
> from previous
> > versions.
> >
> > Chris
> >
> 
> -- 
> John H Terpstra
> Email: jht at samba.org
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>

More information about the samba mailing list