Having Trouble With Gnome With A Samba Mounted home Directory

Simo Sorce simo.sorce at polimi.it
Fri Feb 16 14:35:38 GMT 2001 

This is really a weird idea.
Samba shared filesystems does not provide all the things a true unix file
system or nfs provide.
And about the security:
the first thing a user that gain a root chell will do is to change some
executables to get the other users passwords if needed: fake login, fake
telnet, fake ssh, fake samba.
Enforce single workstation security it is abetter effort and make daily
backups so that user may recover data if needed.


just my 2 eurocents.
Simo.

On Thu, 15 Feb 2001, David Minard wrote:

> To Whomever Can Help,
>
> Back Ground:
>
> 	We're trying to set up labs of Red Hat Linux boxes for our
> students.  We're a bit concerned that if we use NFS to mount home
> directories, and they manage to get a root shell, they will be able
> to become anyother user, and wipe out that user's home directory and
> not be challenged by further password requests to get into those
> directories.  (It's easy to stop root from ferriting around in
> directories with NFS).  So, we decided to try to use SAMBA to mount
> the home directory of the user who logs into the Red Hat box.  SAMBA
> asks for a password, which is what we want.  That way if they get a
> root shell, to mount someone elses home directory, they have got to
> enter the password for that user...  It won't stop them, but it will
> slow them down.
>
> 	We tried automount but it did some rather strange things when
> it was asking for the user's password - we had to abandon that - for
> now.
>
>
> The Problem:
>
> 	When a user logs in, and gets into their home directory via
> SAMBA, and then runs "startx", it crashes with the following errors:
>
> "Xauth:  error in locking authority file /home/.Xauthority"
>
> and then
>
> "** WARNING **: Unable to lock ICE authority file: /home/.ICEauthority"
>
> At this point X bails.
>
>
> 	Why I think it's a SAMBA problem, is because if I set up the
> box to use NFS to mount the home directory, when you use startx, it
> works perfectly.
>
>
> 	The Linux box is running 7.0 with security patches installed.
> 	The Samba server is running on a True64 box (OSF V4.01229),
> and the Samba server is: 2.07.
>
>
> 	If anyone can shed some light on this, could they reply to me
> directly (david at cit.uws.edu.au), as I don't want to be on the list?
> I've scoured the lists for anything that might relate, but haven't
> come across anything...
>
> In anticipation,
>
>

-- 
Simo Sorce - Linux Systems Consultant
E-mail: simo.sorce at polimi.it
Tel: +39 0348 7149179 - Fax: +39 02 700442399
-----------------------------------------------------------------
Be happy, use Linux!

More information about the samba-technical mailing list