[Samba] Swat lets everybody into the "good stuff"
Roger Merchberger
zmerch-samba at 30below.com
Tue Jun 6 20:40:36 GMT 2006
OK, I'm a Samba Noob, so be gentle with me. ;-)

I've finally (mainly because I'm an idiot) gotten samba (Version
3.0.14a-Debian) working on a Debian Stable system (uname -a ==
Linux files 2.4.27-2-386 #1 Wed Aug 17 09:33:35 UTC 2005 i686 GNU/Linux )
and I have several userid's & shares built & working, however, no matter
which user logs in to Swat (for personal password changing) they have
access to *everything*, including diddling with the smb.conf file, which
would be a *bad* thing. Otherwise, things seem to be fine other than that
"small" security glitch. ;-)

The users have their "own" group, and their shares are listed to be owned
solely by them - here's a snippet for one user:

    files:/etc/samba# grep missy /etc/passwd
    missy:x:2006:2006:missy:/home/everyone/missy:/bin/false
    files:/etc/samba# grep missy /etc/group
    missy:x:2006:

I also have a few group entries like this:

    companies:x:1009:josh,missy,marilyn

listing several people who should be in a group for a "group share"
and here's the respective entry for this user in smb.conf:

    [missy]
    comment = Missy's Directory
    write list = missy
    create mask = 0600
    directory mask = 0700
    browseable = yes
    writable = yes
    path = /home/everyone/missy/files

=-=-= and the group share also:

    [Companies]
    comment = B2B Company Information
    browseable = yes
    write list = missy,marilyn,josh
    group = companies
    writable = yes
    create mask = 0660
    directory mask = 0770
    path=/home/groups/companies

=-=-=-=-=-=-=-=

I also haven't figured out how to be able to get the shares to be "visible"
under Nutwork Neighborhood in Winders, but the users are [gasp!] fairly
competent and getting them to mount the share via the IP address really
shouldn't be much of a problem; therefore I'm not really worried about it. ;-)

I have the full smb.conf file available here:

http://www.30below.com/~zmerch/samba/smb.conf

I don't want to keep it there _forever_ but I'll leave it up for 7 days or so.

Yes, I've googled. Yes, I've scanned the last few months of the archives.
No, I've not been able to figure this out - anyone out there have a
clue-by-4 with my name on it? ;-)

Thanks!
Roger "Merch" Merchberger
--
Roger "Merch" Merchberger | "Bugs of a feather flock together."
sysadmin, Iceberg Computers | Russell Nelson
zmerch at 30below.com |