[Samba] valid users = %S in rc4

Chris Smith chris at realcomputerguy.com
Fri Sep 26 16:55:50 GMT 2003


On Friday 26 September 2003 12:28, John H Terpstra wrote:
> On Fri, 26 Sep 2003, Petty, Robert wrote:
> 
> > No, I haven't filed a bug report...
> >
> > The key part of my message "was":
> > "Since nobody's home directory was "/" it would open the root
> > directory"
> >
> > I have changed it since I immediately recognized it as a security issue.
> >
> > The initial response to "Why is 'nobody' home set at '/' - why not '/tmp'
> > or" is that when you install a brand new version of Solaris 9, that's how
> > Sun sets it.  Ironically, applying jass didn't change it!  Seems to me that
> > jass missed a key issue.  Anyhow, I'm heading off topic.
> >
> > This will be interesting to see how the %S plays out since we essentially
> > require it to enforce security for home directories....
> 
> Does this mean that you operate a UNIX system with lax security on user
> home directories? i.e.: Others have permission to read any user's home
> directory? Hmmm. Not good.

From my little understanding it is quite common that read access is granted to 
all users' home directories by default in many Unixes. It is up to the user to 
chmod if the behavior is not desired.
Regardless, local access and MS share access are really two different things 
and it is perfectly acceptable to want to allow one and not the other. 
Otherwise we could just dispense with the valid users tag altogether.
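
The condition described in this thread (an account such as 'nobody' whose passwd home is "/", so that a [homes] share for it exposes the root directory) can be audited before the share is enabled. The following is an added example, not part of the original message or of Samba: the passwd sample, the list of risky directories and the function names are all constructed for illustration.

```python
# Added example: find accounts whose passwd home directory should not be
# served by a Samba [homes] share. All sample data here is constructed.
import posixpath

# Assumed list of directories that must never be exported as a "home".
RISKY_HOMES = {"/", "/etc", "/var", "/usr", "/bin", "/sbin", "/dev", "/proc"}

SAMPLE_PASSWD = """\
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
nobody:x:60001:60001:Nobody:/:
svc1:x:2001:200:Service 1:/export/home/svc:/bin/false
svc2:x:2002:200:Service 2:/export/home/svc:/bin/false
alice:x:1001:100:Alice:/export/home/alice:/bin/ksh
bob:x:1002:100:Bob:/export/home/bob:/bin/ksh
"""

def parse_passwd(text):
    """Yield (user, home) for each well-formed seven-field passwd line."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or fields[0].startswith("#"):
            continue  # skip comments and malformed entries rather than guess
        # Assumption: an empty home field is treated as "/" for this audit.
        home = posixpath.normpath(fields[5]) if fields[5] else "/"
        yield fields[0], home

def audit_homes(text, risky=RISKY_HOMES):
    """Return {user: reason} for accounts a [homes] share should not serve."""
    entries = list(parse_passwd(text))
    owners = {}
    for user, home in entries:
        owners.setdefault(home, []).append(user)
    findings = {}
    for user, home in entries:
        if home in risky:
            findings[user] = "home is system directory %s" % home
        elif len(owners[home]) > 1:
            others = ", ".join(u for u in owners[home] if u != user)
            findings[user] = "home %s shared with %s" % (home, others)
    return findings

def invalid_users_line(findings):
    """Build an smb.conf 'invalid users' line naming the flagged accounts."""
    return "invalid users = " + " ".join(sorted(findings))

if __name__ == "__main__":
    result = audit_homes(SAMPLE_PASSWD)
    for user, reason in sorted(result.items()):
        print("%-8s %s" % (user, reason))
    print(invalid_users_line(result))
```

The generated line is meant for the [homes] section alongside `valid users = %S`; correcting the home directory in passwd remains the underlying fix.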


