[Samba] The wisdom - or otherwise - of replacing outright rather than merely appending to the example smb.conf file shipped with SAMBA during new server commissioning?
Rowland Penny
rpenny at samba.org
Tue Apr 16 11:16:49 UTC 2019
On Tue, 16 Apr 2019 11:40:10 +0100
Stephen via samba <samba at lists.samba.org> wrote:
> I have a general question regarding smb.conf and I was hoping that
> some of the rather more knowledgeable and experienced people here
> could please comment please?
>
> I am currently setting my various SAMBA systems up via some
> shell-scripts. Within these scripts, I remove the stock smb.conf
> shipped with Samba and replace this with an empty smb.conf file to
> which I add my own configuration options afterwards. Obviously I
> COULD instead simply append my changes to the existing file. However
> currently i just remove the existing smb.conf and start again with a
> blank file because the alternative seemed like more hassle!
I take it you mean you are doing something like this:
rm -f /etc/samba/smb.conf
cat > /etc/samba/smb.conf <<EOF
[global]
whatever lines you want
............
...........
........
[ashare]
...........
.......
....
EOF
There is no problem with doing this, unless you are doing this on a DC,
in which case I would use 'sed' to add lines into the existing smb.conf
>
> Am I potentially risking the security of my systems by replacing the
> stock smb.conf shipped with Samba in this way? Obviously doing what I
> have just described will erase all the default configuration settings
> shipped in the installation.
It wont actually, if a line isn't there, then a default setting may be
used and it might not be what you want.
> Are any of the shipped default configuration parameters essential to
> have from a security perspective? Am I doing something stupid here?
Provided the required lines are in smb.conf before you start Samba,
you will not have a problem, but if a line is missing, then the
default setting will be used. For instance, if you do not enter a line
that begins 'workgroup =', then the default workgroup name 'WORKGROUP'
will be used.
Rowland
More information about the samba
mailing list