[Samba] Revisit - Re: Default Hidden Disk Shares
Robert Moskowitz
rgm at htt-consult.com
Wed Oct 20 19:31:39 MDT 2010
On 10/20/2010 03:37 PM, Robert Moskowitz wrote:
> Not to flog a dead horse,,,,
>
> I am building a replacement for my old NT server at home (been running
> undisturbed since '95) using the amahi.org distro, and turning on the
> advanced settings for PDC support. I have done a few things with the
> Amahi developers and have made mods to the DNS and DHCP setup script
> to suit my needs. Now for tackling the Samba stuff before configuring
> all new workstations as well (upgrading from W2K wrkstations to XP pro
> woo!).
>
> I am not so interested in C$ to access the whole drive, but to access
> all the user shares. So I was thinking about something like:
>
> [C$]
> comment = CC
> path = /home
> writeable = yes
> browseable = no
> valid users = admin1, admin2
> write list = admin1, admin2
> create mask = 0775
> force create mode = 0664
> directory mask = 0775
> force directory mode = 0775
>
Well, perhaps the masks are wrong because I see all of /home, but admin1
only can access /home/admin1
All the other directories gets access denied.
So what would be the proper masks?
> [D$]
> comment = DD
> path = /var/hda/files
> writeable = yes
> browseable = no
> valid users = admin1, admin2
> write list = admin1, admin2
> create mask = 0775
> force create mode = 0664
> directory mask = 0775
> force directory mode = 0775
>
> Of course, the Amahi front end won't let me name a share with a $ in
> it (or at least ending in one), and I am having to edit the smb.conf
> file to get this setup.
>
> Understanding that only Windows clients 'hide' $ shares, and given my
> goal of being able to view all shares from a couple shares, does this
> seem the way to go?
>
> On 07/05/2010 02:04 PM, Robert LeBlanc wrote:
>> The Windows client will hide any share that ends with a '$' whether
>> or not
>> it is an administrator share, it's doesn't know or care. In this case
>> there
>> is no difference between hidden and normal because to Windows they
>> are both
>> hidden. Give it a try sometime.
>>
>> If you hit the server with a Mac client, it shows all the shares (at
>> least
>> it used to, I haven't tried in a long time), even the c$, d$, etc. I
>> think
>> the Linux SMB clients also do the same. So to rely on 'server' to 'hide'
>> these shares, is a very false sense of security. It's the actual
>> client that
>> does the hiding from normal users.
>>
>> Robert LeBlanc
>> Life Sciences& Undergraduate Education Computer Support
>> Brigham Young University
>>
>>
>> On Mon, Jul 5, 2010 at 2:43 AM, Atkinson,
>> Robert<RATKINSON at tbs-ltd.co.uk>wrote:
>>
>>> Robert, the discussion was around the hidden ‘$’ shares, not
>>> normal ones.
>>>
>>>
>>>
>>> Rob.
>>>
>>>
>>>
>>> *From:* Robert LeBlanc [mailto:robert at leblancnet.us]
>>> *Sent:* 02 July 2010 19:15
>>> *To:* Atkinson, Robert
>>> *Cc:* Jeremy Allison; samba at lists.samba.org
>>>
>>> *Subject:* Re: [Samba] Default Hidden Disk Shares
>>>
>>>
>>>
>>> On Fri, Jul 2, 2010 at 2:05 AM, Atkinson,
>>> Robert<RATKINSON at tbs-ltd.co.uk>
>>> wrote:
>>>
>>> Interesting to see you say it's dangerous. The way the Windows version
>>> works
>>> is that you have to be part of the Administrator group to be able to
>>> see
>>> them, which I would have thought secure enough?
>>>
>>>
>>>
>>> This is not true, the share is advertised to anyone who asks. The
>>> Windows
>>> client only hides shares that end with a '$'. By default Windows gives
>>> access only to administrators (by default), but they are by no means
>>> hidden.
>>>
>>>
>>> Robert LeBlanc
>>> Life Sciences& Undergraduate Education Computer Support
>>> Brigham Young University
>>>
>>>
>>> ***********************************************************************************
>>>
>>>
>>> Any opinions expressed in email are those of the individual and not
>>> necessarily those of the company. This email and any files
>>> transmitted with
>>> it are confidential and solely for the use of the intended recipient or
>>> entity to whom they are addressed. It may contain material protected by
>>> attorney-client privilege. If you are not the intended recipient, or a
>>> person responsible for delivering to the intended recipient, be
>>> advised that
>>> you have received this email in error and that any use is strictly
>>> prohibited.
>>>
>>>
>>>
>>> Random House Group + 44 (0) 20 7840 8400
>>>
>>> http://www.randomhouse.co.uk
>>>
>>> http://www.booksattransworld.co.uk
>>>
>>> http://www.kidsatrandomhouse.co.uk
>>>
>>> Generic email address - enquiries at randomhouse.co.uk
>>>
>>>
>>>
>>> Name& Registered Office:
>>>
>>> THE RANDOM HOUSE GROUP LIMITED
>>>
>>> 20 VAUXHALL BRIDGE ROAD
>>>
>>> LONDON
>>>
>>> SW1V 2SA
>>>
>>> Random House Group Ltd is registered in the United Kingdom with
>>> company No.
>>> 00954009, VAT number 102838980
>>>
>>>
>>> ***********************************************************************************
>>>
>>>
>>>
>>>
More information about the samba
mailing list