[Samba] Securing home shares
Neil Jolly
neil at jollycom.ca
Mon Feb 12 21:13:53 GMT 2007
On 12-Feb-07, at 1:37 PM, Andrew Morgan wrote:
> On Mon, 12 Feb 2007, Neil Jolly wrote:
>
>> On 12-Feb-07, at 12:38 PM, Charles Marcus wrote:
>>
>>> On 2/12/2007 Neil Jolly (neil at jollycom.ca) wrote:
>>>> [homes]
>>>> browseable = No
>>>> read only = No
>>>> guest ok = No
>>> Don't need this?
>>>
>>>> path = /home/%U
>> I've tried with, and without this one
>>
>>>> users = %S
>>> Typo? Shouldn't this be 'valid users = %S'
>>
>> Not according to: http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-samba.html
>>
>> An excerpt:
>> The only user works in conjunction with the users = list, so to
>> get the behavior you require, add the line:
>> users = %S
>>
>> This is equivalent to adding
>> valid users = %S
>>
>> to the definition of the [homes] share, as recommended in the
>> smb.conf man page.
>
> The manpage for smb.conf says:
>
> users
> This parameter is a synonym for username.
>
> username (S)
> Multiple users may be specified in a comma-delimited
> list, in which case the supplied password will be
> tested against each username in turn (left to right).
>
>
> This is very different from the "valid users" parameter. I think
> the securing-samba.html file is wrong in saying they are
> equivalent. If I'm reading it right, you want "valid users = %S".
>
>> Also unix permissions are rwx on all home dirs.
>
> Why not just fix the unix permissions? We set home dirs to 700 and
> public_html to 755 here.

The home dirs are already 700. I found the problem in the global
section. Removing the line: "nt acl support = no" fixed the issue. I
added that line earlier to fix a roving profiles problem, but that's
another story.

Neil Jolly
Jolly Computations
#12 800 Bowcroft Place
Cochrane, Alberta
Phone: (403) 688-7516
Fax: (403) 851-0873
Web: www.jollycom.ca
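
An added example, not part of the original post or of Samba itself: a small Python check for the [homes] mix-up discussed in this thread, where "users = %S" is set in place of "valid users = %S". The sample configuration is constructed from the share definition quoted above, and the function names are illustrative.

```python
import re

# Constructed sample: the [homes] share as quoted in the thread.
SAMPLE_CONF = """\
[homes]
   browseable = No
   read only = No
   guest ok = No
   path = /home/%U
   users = %S
"""

def norm(name):
    # smb.conf ignores case and whitespace inside section/parameter names.
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Return {section: {param: value}} from smb.conf-style text."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(norm(line[1:-1]), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[norm(key)] = value.strip()
    return shares

def audit_homes(text):
    """List findings for the [homes] share."""
    homes = parse_smb_conf(text).get("homes")
    if homes is None:
        return ["no [homes] section"]
    findings = []
    valid = homes.get("validusers", "")
    if "%S" not in re.split(r"[,\s]+", valid):
        findings.append("valid users does not restrict the share to %S")
    for syn in ("users", "user", "username"):  # synonyms per the smb.conf man page
        if syn in homes:
            findings.append(f"'{syn}' is a username hint, not an access list")
    if homes.get("guestok", "no").lower() in ("yes", "true", "1"):
        findings.append("guest ok is enabled on [homes]")
    return findings

if __name__ == "__main__":
    for finding in audit_homes(SAMPLE_CONF):
        print("FINDING:", finding)
```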