[Samba] Default Hidden Disk Shares

Gary Dale garydale at rogers.com
Mon Jul 5 13:01:28 MDT 2010


On 05/07/10 05:00 AM, Atkinson, Robert wrote:
> Before I reply, please take my response in the light it's meant, which is
> curious interest and intrigue. I'm not and don't want to drag this out into a
> full blown dissemination of Windows security.
>
>
> The 'admins' directive in the CONF file holds a list of Admin users, and
> gives elevated privileges to those accounts. I'm at a loss to see how this
> differs from also giving root visibility to the same users.
>
> I see this one of two ways. Either there isn't enough faith in the SAMBA code
> to feel that it's a robust secure system (I personally think it is), or
> there's a paranoia amongst the community. Given the way Windows is constantly
> hacked, this second observation may well be indirectly true.
>
> My background is over 20 years administrating an OpenVMS system (THE most
> secure O/S available). The reason I say this is because a single cluster
> could (and does) have hundreds of visible volumes, that change frequently. To
> continually reconfigure the CONF file although not impossible, would be
> somewhat arduous.
>
> As has already been stated, Samba doesn't allow for the automatic 'hidden'
> presentation of these volumes. The product I was using (Pathworks) which
> emulates a Windows NT member server did, and despite some of the posts, it is
> a nice feature to have.
>
> I'm happy to leave it there and work with what's available, or hear peoples
> opinions on the above.
>
> Thanks, Robert
> (A Grateful OpenSource Developer and User)
>
>    
You have to remember that Windows was never intended to be a 
enterprise-level OS. It's been evolving but still has a lot of hard to 
remove vestiges of it's desktop past. Some of them are hard to remove 
and often date back to a time when MS-DOS ran on 64k machines.

The notion of automatically sharing files may have made some sense way 
back when it was hard enough to get a PC network to even operate, but it 
is a security hole that shouldn't exist. The problem, like many Windows 
problems, is when a bug is old enough it becomes a feature.

No one should need access to the entire file system as a share. In all 
my years looking after Windows servers, I certainly never did. Nor did I 
ever hear anyone have a good reason for doing so. I'm not saying that 
they don't exist, but if you really need to share a file system, Samba 
doesn't stop you from doing it.


More information about the samba mailing list