[Samba] Samba 4 security

steve steve at steve-ss.com
Wed Nov 30 09:45:17 MST 2011

On 30/11/11 16:43, Matthieu Patou wrote:
> On 30/11/2011 10:48, steve wrote:
>> Hi
>> Samba 4 from GIT yesterday. openSUSE 12.2 server and client test
>> setup. Reproducible on an Ubuntu client too.
>> in smb.conf have:
>> [homes]
>> path = /home
>> read only = no
>> On a linux client (eg using konqueror or dolphin or nautilus) I enter
>> smb://hh3/steve
>> where hh3 is the name of the samba server. Samba is not installed on
>> the clients.
>> As a normal user, I can enter everyone else's /home folder and create
>> and delete anything I want!
> ACLs on subfolder might be wrong.
> Your script for creating the user and the user dir must take care of
> giving the correct rights.
> Matthieu.
Each subfolder of /home is username:users. A file which is 0755 
steve:users can be deleted by anyone. Samba 4 does not prompt for a 
username and password when entering any share. This is just a plain 
install of:
samba -V
Version 4.0.0alpha18-GIT-5c53926


More information about the samba mailing list