[Samba] Samba 4 security
steve at steve-ss.com
Wed Nov 30 11:52:02 MST 2011
On 30/11/11 19:20, Matthieu Patou wrote:
>> Each subfolder of /home is username:users. A file which is 0755
>> steve:users can be deleted by anyone. Samba 4 does not prompt for a
>> username and password when entering any share. This is just a plain
>> install of:
> Where is the /home? On the Samba 4 AD server? Mounted on the client?
> How did you create the subfolders?
> Can you give a detailed list of actions to reproduce your problem?
I've tried both. In this example hh3 is the Samba server 192.168.1.3
path = /home
read only = no
/home has 2 users /home folders. /home/steve and /home/lynn both owned
by their respective steve:users and lynn:users. Both users were created
before Samba 4 was installed. Linux does not allow file creation nor
deleting between the 2 folders.
so, on hh3:
login as steve
on konq do
click on the home folder
enter the lynn folder
create a file (it shouldn't allow you)
delete a different file (it shouldn't allow you)
Now go over to another client, 192.168.1.4
Login as someone different but not root.
The user on another physical box can also delete and create files in
either the lynn or steve home folders.
With Samba 3, the user is asked to authenticate as expected. Samba 4
never asks for authentication.
I think that this is because the share tells Samba 4 nothing about user
Reproducible: Usually. Sometimes, after a reboot of the server, Samba 4
will give access denied popups as expected. The error seems to creep in
after a few minutes of uptime.