[Samba] valid users = %S in rc4
Chris Smith
chris at realcomputerguy.com
Fri Sep 26 16:55:50 GMT 2003
On Friday 26 September 2003 12:28, John H Terpstra wrote:
> On Fri, 26 Sep 2003, Petty, Robert wrote:
>
> > No, I haven't filed a bug report...
> >
> > The key part of my message "was":
> > "Since nobody's home > directory was "/" > > it would open the root
> > directory"
> >
> > I have changed it since I immediately recognized it as a security issue.
> >
> > The initial response to "Why is 'nobody' home set at '/' - why not '/tmp'
> > or" is that when you install a brand new version of Solaris 9, that's how
> > Sun sets it. Ironically, applying jass didn't change it! Seems to me
that
> > jass missed a key issue. anyhow, I'm heading off topic.
> >
> > This will be interesting to see how the %S plays out since we essentially
> > require it to enforce security for home directories....
>
> Does this mean that you operate a UNIX system with lax security on user
> home directories? ie: Others have permission to read any users' home
> directory? Hmmm. Not good.
From my little understanding it is quite common that read access is granted to
all users home directories by default in many Unixes. It is up to the user to
chmod if the behavior is not desired.
Regardless, local access and MS share access are really two different things
and it is perfectly acceptable to want to allow one and not the other.
Otherwise we could just dispense with the valid users tag altogether.
More information about the samba
mailing list