[Samba] Fwd: Re: Restrict access to users home drives
ts at linexus.de
Fri Oct 25 08:27:29 MDT 2013
Am 24.10.2013 21:00, schrieb Marc Muehlfeld:
> Hello Thoralf,
> Am 24.10.2013 20:32, schrieb "Th. Söldenwagner":
>> is it possible to hide/restrict access to the home drives of our samba
>> users when accessing them directly via netbios address?
>> The server is running at school and there are several pupils who have
>> the ability to misuse this situation.
> Don't simply hide something! That's security by obscurity. And I'm 100%
> sure, that it will be abused. :-)
> Is it neccessary, that users have access to foreign homes? Or is it just
> a misconfiguration?
On the contrary! As I mentioned, I don't want all users have access to
foreign homes. So, maybe a misconfiguration. Following is what I did so far:
Created user demo1 in ADUC and set its home drive to H: with the path
the directory was automatically created on the samba (4.1.0) server
with these permissions: drwxrwxr-x+ 2 3000000 users
The corresponding entry in smb.conf is:
path = /files_samba/userdirs
read only = yes
created test.txt on H: as user demo1. The permissions are:
-rwxrwxr-x+ 1 3000057 users 0 Oct 21 19:06 test.txt
4. logged in as user demo2 and opened the samba shares in address line:
All shares show up and I can open the data folder and all other user
folders except that I can't write to them. Users shouldn't be able to
see other folders at all or the data share should be restricted but I
have no idea how to set this up...
Should this be done in ADUC or on the samba side?
> Here's a HowTo about setting up file shares:
> It also describes how to configure permissions. If you use a filesystem
> that supports user_xattr, you can use all ACL stuff windows provides.
My filesystem supports user_xattr.
More information about the samba