[Samba] Proposal to change security=share in Samba 4.0

simo idra at samba.org
Mon Feb 27 19:06:00 MST 2012


On Tue, 2012-02-28 at 12:19 +1100, Andrew Bartlett wrote: 
> On Mon, 2012-02-27 at 19:45 -0500, simo wrote:
> > On Tue, 2012-02-28 at 10:16 +1100, Andrew Bartlett wrote: 
> > > On Mon, 2012-02-27 at 17:53 -0500, David Collier-Brown wrote:
> > > 
> > > > Am I correct in thinking this would make all shares have the same
> > > > password as the guest user, or do you mean there really is no password
> > > > at all, or alternatively that one would specify the share, provide
> > > > it's password and be logged on as guest???
> > > > 
> > > > It's been a while since I had a security=share setup, but I remember
> > > > WfW clients thinking that they had per-share passwords...
> > > 
> > > In the past, Samba tried to match the 'per share' password provided by
> > > the client against a list of users, falling back to guest if 'guest ok =
> > > yes' was set on the share.
> > > 
> > > What will happen now is that the password will be ignored, and only the
> > > 'guest ok' will be checked, and access will be as guest.
> > 
> > This in effect means dropping security = share, can't we just
> > effectively drop it instead of deceiving our users and making them
> > believe they are using it ?
> 
> I am fully in support of dropping it.  
> 
> Kai asked that we still have a way to 'simply' configure the system for
> trivial file access.  These semantics (guest only) broadly matches the
> default file sharing access on WinXP.  (Windows 7 instead wants you to
> use a HomeGroup, and makes just sharing a folder with no pw
> substantially more difficult).
> 
> If the consensus of the list is to drop it outright, and simply error on
> parsing security=share, I will prepare a patch to do that.  
> 
> The recommended simple sharing option of 'map to guest = bad user'
> naturally remains.

I would prefer dropping security = share completely.
security = user + map to guest is sufficient for people that want to
allow 'guest' access.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>



More information about the samba mailing list