[Samba] Default Hidden Disk Shares

Atkinson, Robert RATKINSON at tbs-ltd.co.uk
Mon Jul 5 03:00:46 MDT 2010

Before I reply, please take my response in the light it's meant, which is
curious interest and intrigue. I'm not and don't want to drag this out into a
full blown dissemination of Windows security.

The 'admins' directive in the CONF file holds a list of Admin users, and
gives elevated privileges to those accounts. I'm at a loss to see how this
differs from also giving root visibility to the same users.

I see this one of two ways. Either there isn't enough faith in the SAMBA code
to feel that it's a robust secure system (I personally think it is), or
there's a paranoia amongst the community. Given the way Windows is constantly
hacked, this second observation may well be indirectly true.

My background is over 20 years administrating an OpenVMS system (THE most
secure O/S available). The reason I say this is because a single cluster
could (and does) have hundreds of visible volumes, that change frequently. To
continually reconfigure the CONF file although not impossible, would be
somewhat arduous.

As has already been stated, Samba doesn't allow for the automatic 'hidden'
presentation of these volumes. The product I was using (Pathworks) which
emulates a Windows NT member server did, and despite some of the posts, it is
a nice feature to have.

I'm happy to leave it there and work with what's available, or hear peoples
opinions on the above.

Thanks, Robert
(A Grateful OpenSource Developer and User)

-----Original Message-----
From: Jeremy Allison [mailto:jra at samba.org] 
Sent: 02 July 2010 17:34
To: Atkinson, Robert
Cc: Jeremy Allison; samba at lists.samba.org
Subject: Re: [Samba] Default Hidden Disk Shares

On Fri, Jul 02, 2010 at 09:05:52AM +0100, Atkinson, Robert wrote:
> Interesting to see you say it's dangerous. The way the Windows version
> is that you have to be part of the Administrator group to be able to see
> them, which I would have thought secure enough?

Sure, we could make it a root-only export. The problem is,
if we have a security issue (and these have been known to
happen from time to time), you've exported your entire
filesystem out *without a way to turn it off*. That's
the problem with doing it by default.

> Who would I contact to request this as a feature enhancement?

Just add the relevent share to your smb.conf files.


Any opinions expressed in email are those of the individual and not necessarily those of the company. This email and any files transmitted with it are confidential and solely for the use of the intended recipient or entity to whom they are addressed. It may contain material protected by attorney-client privilege. If you are not the intended recipient, or a person responsible for delivering to the intended recipient, be advised that you have received this email in error and that any use is strictly prohibited.

Random House Group + 44 (0) 20 7840 8400
Generic email address - enquiries at randomhouse.co.uk

Name & Registered Office:
Random House Group Ltd is registered in the United Kingdom with company No. 00954009, VAT number 102838980

More information about the samba mailing list