[Samba] Revisit - Re: Default Hidden Disk Shares

Robert Moskowitz rgm at htt-consult.com
Wed Oct 20 19:31:39 MDT 2010



On 10/20/2010 03:37 PM, Robert Moskowitz wrote:
> Not to flog a dead horse,,,,
>
> I am building a replacement for my old NT server at home (been running 
> undisturbed since '95) using the amahi.org distro, and turning on the 
> advanced settings for PDC support.  I have done a few things with the 
> Amahi developers and have made mods to the DNS and DHCP setup script 
> to suit my needs.  Now for tackling the Samba stuff before configuring 
> all new workstations as well (upgrading from W2K workstations to XP Pro 
> woo!).
>
> I am not so interested in C$ to access the whole drive, but to access 
> all the user shares.  So I was thinking about something like:
>
> [C$]
>     comment = CC
>     path = /home
>     writeable = yes
>     browseable = no
>     valid users = admin1, admin2
>     write list = admin1, admin2
>     create mask = 0775
>     force create mode = 0664
>     directory mask = 0775
>     force directory mode = 0775
>

Well, perhaps the masks are wrong, because I see all of /home, but admin1 
can only access /home/admin1.

All the other directories get access denied.

So what would be the proper masks?

> [D$]
>     comment = DD
>     path = /var/hda/files
>     writeable = yes
>     browseable = no
>     valid users = admin1, admin2
>     write list = admin1, admin2
>     create mask = 0775
>     force create mode = 0664
>     directory mask = 0775
>     force directory mode = 0775
>
> Of course, the Amahi front end won't let me name a share with a $ in 
> it (or at least ending in one), and I am having to edit the smb.conf 
> file to get this setup.
>
> Understanding that only Windows clients 'hide' $ shares, and given my 
> goal of being able to view all shares from a couple shares, does this 
> seem the way to go?
>
> On 07/05/2010 02:04 PM, Robert LeBlanc wrote:
>> The Windows client will hide any share that ends with a '$' whether or not
>> it is an administrator share, it doesn't know or care. In this case there
>> is no difference between hidden and normal because to Windows they are both
>> hidden. Give it a try sometime.
>>
>> If you hit the server with a Mac client, it shows all the shares (at least
>> it used to, I haven't tried in a long time), even the c$, d$, etc. I think
>> the Linux SMB clients also do the same. So to rely on 'server' to 'hide'
>> these shares, is a very false sense of security. It's the actual client that
>> does the hiding from normal users.
>>
>> Robert LeBlanc
>> Life Sciences & Undergraduate Education Computer Support
>> Brigham Young University
>>
>>
>> On Mon, Jul 5, 2010 at 2:43 AM, Atkinson, Robert <RATKINSON at tbs-ltd.co.uk> wrote:
>>
>>> Robert, the discussion was around the hidden '$' shares, not normal ones.
>>>
>>> Rob.
>>>
>>> *From:* Robert LeBlanc [mailto:robert at leblancnet.us]
>>> *Sent:* 02 July 2010 19:15
>>> *To:* Atkinson, Robert
>>> *Cc:* Jeremy Allison; samba at lists.samba.org
>>>
>>> *Subject:* Re: [Samba] Default Hidden Disk Shares
>>>
>>>
>>>
>>> On Fri, Jul 2, 2010 at 2:05 AM, Atkinson, Robert <RATKINSON at tbs-ltd.co.uk> wrote:
>>>
>>> Interesting to see you say it's dangerous. The way the Windows version works
>>> is that you have to be part of the Administrator group to be able to see
>>> them, which I would have thought secure enough?
>>>
>>> This is not true, the share is advertised to anyone who asks. The Windows
>>> client only hides shares that end with a '$'. By default Windows gives
>>> access only to administrators (by default), but they are by no means hidden.
>>>
>>>
>>> Robert LeBlanc
>>> Life Sciences & Undergraduate Education Computer Support
>>> Brigham Young University
>>>
>>>
>>>
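
Added example (not part of the original thread, and not Samba's own tooling): a small smb.conf audit illustrating the point made above that a trailing '$' is hidden only by the Windows client, so a share needs server-side settings such as "browseable = no" and "valid users" rather than its name. The function names and the [scratch$] section are hypothetical; [C$] is trimmed from the message above.

```python
# Added example: audit smb.conf shares that rely on being "hidden".
# [C$] is trimmed from the thread; [scratch$] is constructed sample input.
SAMPLE_CONF = """\
[C$]
    path = /home
    browseable = no
    valid users = admin1, admin2
[scratch$]
    ; constructed section: hidden only by its name
    path = /srv/scratch
"""

SPECIAL = {"global", "homes", "printers"}   # not ordinary disk shares
FALSE = {"no", "false", "off", "0"}         # smb.conf spellings of boolean false

def parse_shares(text):
    """Return {section: {parameter: value}} from smb.conf-style text."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].strip(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            # normalise case and inner whitespace of the parameter name
            current[" ".join(key.lower().split())] = value.strip()
    return shares

def audit(text):
    """Map share name -> list of findings about hiding vs. access control."""
    findings = {}
    for name, opts in parse_shares(text).items():
        if name.lower() in SPECIAL:
            continue
        notes = []
        # "browsable" is an accepted synonym; the default is yes
        browse = opts.get("browseable", opts.get("browsable", "yes")).lower()
        if name.endswith("$") and browse not in FALSE:
            notes.append("server still lists it; only Windows clients hide '$'")
        if not opts.get("valid users", "").strip():
            notes.append("no 'valid users' list: any user who can log in may connect")
        if notes:
            findings[name] = notes
    return findings

if __name__ == "__main__":
    for share, notes in audit(SAMPLE_CONF).items():
        print(f"[{share}] " + "; ".join(notes))
```

The audit covers only share-level settings in smb.conf; access to existing directories under a share's path is still decided by their Unix ownership and permissions.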

