[Samba] valid users = %S in rc4

John H Terpstra jht at samba.org
Fri Sep 26 16:18:03 GMT 2003


On Fri, 26 Sep 2003, Petty, Robert wrote:

> The problem I have with this, using 2.2.8a on Solaris is any user can open
> any other's home if they simply know the name of the other user.  logging in
> as rpetty, I can open NOBODY, ROOT, UUCP etc.  I have to be able to limit
> the ability.  What perplexes me is that even when I am not sharing [homes],
> I can still open the "NOBODY" share.  Since nobody's home directory was "/"
> it would open the root directory!  In case it matters, I am using Winbind
> for my security model (security = domain) but am having considerable issues
> with querying trusted domains.  Winbind is being very painful with 7-9
> second connection times for each share or files within shares.  This only
> happens when the Winbind timeout time lapses so I've bumped it up to 300
> seconds.  Not _as_ painful but still too painful for production.

Directory access is limited by file system access controls. Samba honors
these.

Why is 'nobody' home set at '/' - why not '/tmp' or some other innocuous
path?

Have you filed a bug report? https://bugzilla.samba.org

- John T.
>
> > -----Original Message-----
> > From: John H Terpstra [mailto:jht at samba.org]
> > Sent: Friday, September 26, 2003 10:05 AM
> > To: Chris Smith
> > Cc: samba at lists.samba.org
> > Subject: Re: [Samba] valid users = %S in rc4
> >
> >
> > Guys,
> >
> > The homes share should be set to be "browsable = No".
> > Do NOT set the "valid users = %S" on the homes share.
> >
> > - John T.
> >
> >
> > On Fri, 26 Sep 2003, Chris Smith wrote:
> >
> > > On Friday 26 September 2003 10:26, Derek T. Yarnell wrote:
> > > > I see this problem too. I thought that I was going crazy.
> > > >
> > > > On Fri, Sep 26, 2003 at 10:14:36AM -0400, Chris Smith wrote:
> > > > > On Friday 26 September 2003 00:15, Hannu Tikka wrote:
> > > > > > After upgrading rc2 -> rc4 (suse binary packages)
> > > > > >
> > > > > > line 'valid users = %S' in [homes] section prevents user getting to his
> > > > > > home directory
> > > > >
> > > > > Same change occurred here when upgrading from 2.2.7a to the 3.0.0 release.
> > >
> > > Not only that but here I also see the homes share exposed twice in browse
> > > lists, both as "homes" and also as the user's name with both shares being the
> > > user's home directory for that user. This is also different from previous
> > > versions.
> > >
> > > Chris
> > >
> >
> > --
> > John H Terpstra
> > Email: jht at samba.org
> >
>

-- 
John H Terpstra
Email: jht at samba.org
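
Added example, not part of the original thread or of Samba itself: because [homes] serves whatever home directory the account database gives for the requested user name, and Samba leaves access control to the file system, this Python example audits passwd-format entries for accounts whose home is a system directory (the 'nobody' = '/' case above) or is readable by other users. The passwd lines, mode values, the SYSTEM_DIRS list and the function names are constructed for illustration.

```python
import posixpath
import stat

# Assumed list of system paths that should never be served as a home share.
SYSTEM_DIRS = {"/", "/etc", "/usr", "/var", "/bin", "/sbin"}

# Constructed passwd(5) entries; "exampleuser" and all paths are made up.
SAMPLE_PASSWD = """\
root:x:0:0:Super-User:/:/sbin/sh
nobody:x:60001:60001:Nobody:/:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
rpetty:x:1001:10::/export/home/rpetty:/bin/ksh
exampleuser:x:1002:10::/export/home/exampleuser:/bin/ksh
"""
# Constructed st_mode values standing in for os.stat() results.
SAMPLE_MODES = {
    "/usr/lib/uucp": 0o40755,
    "/export/home/rpetty": 0o40755,
    "/export/home/exampleuser": 0o40700,
}


def parse_passwd(text):
    """Yield (user, home) pairs, skipping comments and malformed lines."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.lstrip().startswith("#") or len(fields) != 7:
            continue
        yield fields[0], fields[5]


def audit_homes(passwd_text, mode_of):
    """Return (user, home, reason) for homes that [homes] would expose too widely.

    mode_of(path) returns the directory's st_mode, or None when it is unknown;
    on a live host, wrap os.stat() so that a missing path gives None.
    """
    findings = []
    for user, home in parse_passwd(passwd_text):
        if not home:
            continue
        path = posixpath.normpath(home)
        if path in SYSTEM_DIRS:
            findings.append((user, home, "home is a system directory"))
            continue
        mode = mode_of(path)
        if mode is not None and mode & stat.S_IROTH and mode & stat.S_IXOTH:
            findings.append((user, home, "home is readable by other users"))
    return findings
```

Calling `audit_homes(SAMPLE_PASSWD, SAMPLE_MODES.get)` flags root, nobody, uucp and rpetty and leaves the mode-0700 home alone.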