[Samba] security with normal profiles

Felipe Augusto van de Wiel felipe at paranacidade.org.br
Fri Sep 15 14:39:06 GMT 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On 09/13/2006 08:28 AM, Thierry Lacoste escreveu:
> Following TOSHARG and "Samba 3 by examples" I implemented
> Folder redirection plus some security restrictions by building
> a custom NTUSER.DAT which is the default profile of my users.
> The problem is that each user has read/write access to its profile
> share therefore he can replace its NTUSER.DAT.
> 
> This is why I chose mandatory profiles.
> Is there another solution?

	From the beloved smb.conf manpage:

The share and the path must be readable  by  the  user  for  the
preferences  and  directories  to  be loaded onto the Windows NT
client. The share must be writeable when the user  logs  in  for
the  first  time, in order that the Windows NT client can create
the NTuser.dat and other directories. Thereafter,  the  directo‐
ries  and  any  of  the  contents  can,  if  required,  be  made
read-only. It is not advisable that the NTuser.dat file be  made
read-only  -  rename  it  to  NTuser.man  to achieve the desired
effect (aMANdatory profile).


> The problem with mandatory profiles is that some settings are not
> saved: for instance the Favorites folder; I did not redirect it because
> I read in several books that only the Desktop, My documents,
> Application Data and Start Menu can be redirected.
> 
> Is there a way to save Favorites with mandatory profiles?

	Hmmm, not sure... probably no, because it is a mandatory
profile, but you can save it on alternative paths, I don't why
to do that. :(


> Regards,
> Thierry.

	Kind regards,

- --
Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFFCrsJCj65ZxU4gPQRArfQAKCGmwLy6Y10iOBw1g1CnhlhzqWXbQCgzR8e
xLdR7DZXmW+2ZTuIr+3Hnno=
=yppA
-----END PGP SIGNATURE-----

More information about the samba mailing list