[Samba] Samba 4 security

steve steve at steve-ss.com
Wed Nov 30 11:52:02 MST 2011

On 30/11/11 19:20, Matthieu Patou wrote:
> Hello,
>> Each subfolder of /home is username:users. A file which is 0755
>> steve:users can be deleted by anyone. Samba 4 does not prompt for a
>> username and password when entering any share. This is just a plain
>> install of:
> Where is the /home ? on the Samba 4 AD server ? mounted on the client ?
> How did you created the subfolders ?
> Can you give a detailed list of action to reproduce your problem ?
> Matthieu.

I've tried both. In this example hh3 is the Samba server

smb.conf has:

path = /home
read only = no

/home has 2 users /home folders. /home/steve and /home/lynn both owned 
by their respective steve:users and lynn:users. Both users were created 
before Samba 4 was installed. Linux does not allow file creation nor 
deleting between the 2 folders.

so, on hh3:
login as steve

on konq do


click on the home folder

enter the lynn folder

create a file (it shouldn't allow you)
delete a different file (it shouldn't allow you)

Now go over to another client,
Login as someone different but not root.

repeat above.

The user on another physical box can also delete and create files in 
either the lynn or steve home folders.

With Samba 3, the user is asked to authenticate as expected. Samba 4 
never asks for authentication.

I think that this is because the share tells Samba 4 nothing about user 

Reproducible: Usually. Sometimes, after a reboot of the server, Samba 4 
will give access denied popups as expected. The error seems to creep in 
after a few minutes of uptime.


More information about the samba mailing list