[Samba] Proposal to change security=share in Samba 4.0

Andrew Bartlett abartlet at samba.org
Mon Feb 27 18:19:18 MST 2012


On Mon, 2012-02-27 at 19:45 -0500, simo wrote:
> On Tue, 2012-02-28 at 10:16 +1100, Andrew Bartlett wrote: 
> > On Mon, 2012-02-27 at 17:53 -0500, David Collier-Brown wrote:
> > 
> > > Am I correct in thinking this would make all shares have the same
> > > password as the guest user, or do you mean there really is no password
> > > at all, or alternatively that one would specify the share, provide
> > > it's password and be logged on as guest???
> > > 
> > > It's been a while since I had a security=share setup, but I remember
> > > WfW clients thinking that they had per-share passwords...
> > 
> > In the past, Samba tried to match the 'per share' password provided by
> > the client against a list of users, falling back to guest if 'guest ok =
> > yes' was set on the share.
> > 
> > What will happen now is that the password will be ignored, and only the
> > 'guest ok' will be checked, and access will be as guest.
> 
> This in effect means dropping security = share, can't we just
> effectively drop it instead of deceiving our users and making them
> believe they are using it ?

I am fully in support of dropping it.  

Kai asked that we still have a way to 'simply' configure the system for
trivial file access.  These semantics (guest only) broadly matches the
default file sharing access on WinXP.  (Windows 7 instead wants you to
use a HomeGroup, and makes just sharing a folder with no pw
substantially more difficult).

If the consensus of the list is to drop it outright, and simply error on
parsing security=share, I will prepare a patch to do that.  

The recommended simple sharing option of 'map to guest = bad user'
naturally remains.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org



More information about the samba mailing list