[Samba] How to tell Samba not to use the passwd file

Gerald (Jerry) Carter jerry at samba.org
Tue Jan 3 17:30:44 GMT 2006

Hash: SHA1

Dwight Tovey wrote:

>>set an invalid users line in [global]
>>	invalid users = daemon bin lpd mail .....
> Well, not quite.  As I understand the smb.conf man page, 

Did you actually test it?  Or just read the man page.  This use to
be enough to prevent system account home directories.

> I don't disagree that I had it misconfigured.  But I wonder 
> how many other people with PDCs running have this same
> misconfiguration.  Given that this could potentially leave
> the Unix system completely open, I wonder if section 17.5.2
> of the Samba 3 Howto should stress more about the dangers
> of allowing access to other users home directories, 
> especially these "system" users.

It doesn't leave the Unix system wide open.  You only get the access
that you would have at a shell prompt.  Now something like
'admin users = +users' would be a serious misconfiguration but that
type of thing is mentioned in the smb.conf(5) man page.

cheers, jerry
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"There's an anonymous coward in all of us."               --anonymous
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org


More information about the samba mailing list