[Samba] valid users = %S in rc4
rpetty at DenverNewspaperAgency.com
Fri Sep 26 16:15:33 GMT 2003
The problem I have with this, using 2.2.8a on Solaris, is that any user can open
any other's home if they simply know the name of the other user. Logging in
as rpetty, I can open NOBODY, ROOT, UUCP, etc. I have to be able to limit
the ability. What perplexes me is that even when I am not sharing [homes],
I can still open the "NOBODY" share. Since nobody's home directory was "/",
it would open the root directory! In case it matters, I am using Winbind
for my security model (security = domain) but am having considerable issues
with querying trusted domains. Winbind is being very painful, with 7-9
second connection times for each share or files within shares. This only
happens when the Winbind timeout time lapses, so I've bumped it up to 300
seconds. Not _as_ painful but still too painful for production.
> -----Original Message-----
> From: John H Terpstra [mailto:jht at samba.org]
> Sent: Friday, September 26, 2003 10:05 AM
> To: Chris Smith
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] valid users = %S in rc4
> The homes share should be set to be "browsable = No".
> Do NOT set the "valid users = %S" on the homes share.
> - John T.
> On Fri, 26 Sep 2003, Chris Smith wrote:
> > On Friday 26 September 2003 10:26, Derek T. Yarnell wrote:
> > > I see this problem too. I thought that I was going crazy.
> > >
> > > On Fri, Sep 26, 2003 at 10:14:36AM -0400, Chris Smith wrote:
> > > > On Friday 26 September 2003 00:15, Hannu Tikka wrote:
> > > > > After upgrading rc2 -> rc4 (suse binary packages)
> > > > >
> > > > > > line 'valid users = %S' in [homes] section prevents user
> > > > > > getting to his home directory
> > > >
> > > > > Same change occurred here when upgrading from 2.2.7a to the
> > > > > 3.0.0 release.
> > > Not only that but here I also see the homes share exposed twice in
> > > browse lists, both as "homes" and also as the username, with both
> > > shares being the user's home directory for that user. This is also
> > > different from previous versions.
> > Chris
> John H Terpstra
> Email: jht at samba.org
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
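
An audit check for the two conditions raised in this thread, added here as an example that is not part of the original messages or of Samba itself: it reports whether [homes] is browseable, what `valid users` is set to there, and which accounts have "/" as their home directory. The function names and both sample inputs are constructed for illustration.

```python
# Added example: both inputs below are constructed, not taken from the thread.
SAMPLE_SMB_CONF = """\
[global]
   security = domain
[homes]
   comment = Home Directories
   read only = No
"""
SAMPLE_PASSWD = """\
root:x:0:0:Super-User:/:/sbin/sh
nobody:x:60001:60001:Nobody:/:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
rpetty:x:1001:10::/export/home/rpetty:/bin/ksh
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lowercased, inner spaces removed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key = "".join(key.lower().split())
            # "browsable" and "browseable" are synonyms in smb.conf
            current["browseable" if key == "browsable" else key] = value.strip()
    return sections

def audit_homes(smb_conf, passwd):
    """Return a list of findings about the [homes] share, empty if it is absent."""
    findings = []
    homes = parse_smb_conf(smb_conf).get("homes")
    if homes is None:
        return findings
    if homes.get("browseable", "yes").lower() not in ("no", "false", "0"):
        findings.append("[homes] is browseable")
    findings.append("[homes] valid users = %s" % homes.get("validusers", "(unset)"))
    for entry in passwd.splitlines():
        fields = entry.split(":")
        if len(fields) >= 6 and fields[5] == "/":   # passwd field 6 is the home dir
            findings.append("account %s has home '/'" % fields[0])
    return findings

if __name__ == "__main__":
    for finding in audit_homes(SAMPLE_SMB_CONF, SAMPLE_PASSWD):
        print(finding)
```
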