[Samba] Swat lets everybody into the "good stuff"

Roger Merchberger zmerch-samba at 30below.com
Tue Jun 6 20:40:36 GMT 2006


OK, I'm a Samba Noob, so be gentle with me. ;-)

I've finally (mainly because I'm an idiot) gotten samba (Version 
3.0.14a-Debian) working on a Debian Stable system (uname -a ==
Linux files 2.4.27-2-386 #1 Wed Aug 17 09:33:35 UTC 2005 i686 GNU/Linux ) 
and I have several userids & shares built & working, however, no matter 
which user logs in to Swat (for personal password changing) they have 
access to *everything*, including diddling with the smb.conf file, which 
would be a *bad* thing. Otherwise, things seem to be fine other than that 
"small" security glitch. ;-)

The users have their "own" group, and their shares are listed to be owned 
solely by them - here's a snippet for one user:

files:/etc/samba# grep missy /etc/passwd
missy:x:2006:2006:missy:/home/everyone/missy:/bin/false

files:/etc/samba# grep missy /etc/group
missy:x:2006:

I also have a few group entries like this:

companies:x:1009:josh,missy,marilyn

listing several people who should be in a group for a "group share"

and here's the respective entry for this user in smb.conf:

[missy]

comment = Missy's Directory
write list = missy
create mask = 0600
directory mask = 0700
browseable = yes
writable = yes
path = /home/everyone/missy/files

=-=-= and the group share also:

[Companies]
   comment = B2B Company Information
   browseable = yes
   write list = missy,marilyn,josh
   group = companies
   writable = yes
   create mask = 0660
   directory mask = 0770
   path=/home/groups/companies

=-=-=-=-=-=-=-=

I also haven't figured out how to be able to get the shares to be "visible" 
under Nutwork Neighborhood in Winders, but the users are [gasp!] fairly 
competent and getting them to mount the share via the IP address really 
shouldn't be much of a problem; therefore I'm not really worried about it. ;-)

I have the full smb.conf file available here:

http://www.30below.com/~zmerch/samba/smb.conf

I don't want to keep it there _forever_ but I'll leave it up for 7 days or so.

Yes, I've googled. Yes, I've scanned the last few months of the archives. 
No, I've not been able to figure this out - anyone out there have a 
clue-by-4 with my name on it? ;-)

Thanks!
Roger "Merch" Merchberger

--
Roger "Merch" Merchberger   | "Bugs of a feather flock together."
sysadmin, Iceberg Computers |           Russell Nelson
zmerch at 30below.com          |


