[Samba] Samba 4 security
steve at steve-ss.com
Wed Nov 30 09:45:17 MST 2011
On 30/11/11 16:43, Matthieu Patou wrote:
> On 30/11/2011 10:48, steve wrote:
>> Samba 4 from GIT yesterday. openSUSE 12.2 server and client test
>> setup. Reproducible on an Ubuntu client too.
>> in smb.conf have:
>> path = /home
>> read only = no
>> On a linux client (eg using konqueror or dolphin or nautilus) I enter
>> where hh3 is the name of the samba server. Samba is not installed on
>> the clients.
>> As a normal user, I can enter everyone else's /home folder and create
>> and delete anything I want!
> ACLs on subfolder might be wrong.
> Your script for creating the user and the user dir must take care of
> giving the correct rights.
Each subfolder of /home is username:users. A file which is 0755
steve:users can be deleted by anyone. Samba 4 does not prompt for a
username and password when entering any share. This is just a plain
More information about the samba