After upgrading rc2 -> rc4 (suse binary packages)

line 'valid users = %S' in [homes] section prevents the user from getting to his
home directory

in logfile smbd says:

[2003/09/25 15:07:59, 2] smbd/service.c:make_connection_snum(384)
  user 'xxxx' (from session setup) not permitted to access this share (xxxx)

Hannu
On Friday 26 September 2003 00:15, Hannu Tikka wrote:
> After upgrading rc2 -> rc4 (suse binary packages)
>
> line 'valid users = %S' in [homes] section prevents the user from getting to his
> home directory

Same change occurred here when upgrading from 2.2.7a to the 3.0.0 release.
The problem I have with this, using 2.2.8a on Solaris, is any user can open
any other's home if they simply know the name of the other user. Logging in
as rpetty, I can open NOBODY, ROOT, UUCP etc. I have to be able to limit
the ability. What perplexes me is that even when I am not sharing [homes],
I can still open the "NOBODY" share. Since nobody's home directory was "/"
it would open the root directory! In case it matters, I am using Winbind
for my security model (security = domain) but am having considerable issues
with querying trusted domains. Winbind is being very painful with 7-9
second connection times for each share or files within shares. This only
happens when the Winbind timeout time lapses so I've bumped it up to 300
seconds. Not _as_ painful but still too painful for production.

> -----Original Message-----
> From: John H Terpstra [mailto:jht@samba.org]
> Sent: Friday, September 26, 2003 10:05 AM
> To: Chris Smith
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] valid users = %S in rc4
>
>
> Guys,
>
> The homes share should be set to be "browsable = No".
> Do NOT set the "valid users = %S" on the homes share.
>
> - John T.
>
>
> On Fri, 26 Sep 2003, Chris Smith wrote:
>
> > On Friday 26 September 2003 10:26, Derek T. Yarnell wrote:
> > > I see this problem too. I thought that I was going crazy.
> > >
> > > On Fri, Sep 26, 2003 at 10:14:36AM -0400, Chris Smith wrote:
> > > > On Friday 26 September 2003 00:15, Hannu Tikka wrote:
> > > > > After upgrading rc2 -> rc4 (suse binary packages)
> > > > >
> > > > > line 'valid users = %S' in [homes] section prevents the user from
> > > > > getting to his home directory
> > > >
> > > > Same change occurred here when upgrading from 2.2.7a to the 3.0.0
> > > > release.
> >
> > Not only that but here I also see the homes share exposed twice in browse
> > lists, both as "homes" and also as the username with both shares being the
> > user's home directory for that user. This is also different from previous
> > versions.
> >
> > Chris
> >
>
> --
> John H Terpstra
> Email: jht@samba.org
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
No, I haven't filed a bug report...

The key part of my message "was":
"Since nobody's home directory was "/" it would open the root directory"

I have changed it since I immediately recognized it as a security issue.

The initial response to "Why is 'nobody' home set at '/' - why not '/tmp' or"
is that when you install a brand new version of Solaris 9, that's how Sun
sets it. Ironically, applying jass didn't change it! Seems to me that jass
missed a key issue. Anyhow, I'm heading off topic.

This will be interesting to see how the %S plays out since we essentially
require it to enforce security for home directories....

Robert

> -----Original Message-----
> From: John H Terpstra [mailto:jht@samba.org]
> Sent: Friday, September 26, 2003 10:18 AM
> To: Petty, Robert
> Cc: Chris Smith; samba@lists.samba.org
> Subject: RE: [Samba] valid users = %S in rc4
>
>
> On Fri, 26 Sep 2003, Petty, Robert wrote:
>
> > The problem I have with this, using 2.2.8a on Solaris, is any user can open
> > any other's home if they simply know the name of the other user. Logging in
> > as rpetty, I can open NOBODY, ROOT, UUCP etc. I have to be able to limit
> > the ability. What perplexes me is that even when I am not sharing [homes],
> > I can still open the "NOBODY" share. Since nobody's home directory was "/"
> > it would open the root directory! In case it matters, I am using Winbind
> > for my security model (security = domain) but am having considerable issues
> > with querying trusted domains. Winbind is being very painful with 7-9
> > second connection times for each share or files within shares. This only
> > happens when the Winbind timeout time lapses so I've bumped it up to 300
> > seconds. Not _as_ painful but still too painful for production.
>
> Directory access is limited by file system access controls. Samba honors
> these.
>
> Why is 'nobody' home set at '/' - why not '/tmp' or some other innocuous
> path?
>
> Have you filed a bug report?
> https://bugzilla.samba.org
>
> - John T.
>
> --
> John H Terpstra
> Email: jht@samba.org
>
On Friday 26 September 2003 12:28, John H Terpstra wrote:
> On Fri, 26 Sep 2003, Petty, Robert wrote:
>
> > No, I haven't filed a bug report...
> >
> > The key part of my message "was":
> > "Since nobody's home directory was "/" it would open the root
> > directory"
> >
> > I have changed it since I immediately recognized it as a security issue.
> >
> > The initial response to "Why is 'nobody' home set at '/' - why not '/tmp'
> > or" is that when you install a brand new version of Solaris 9, that's how
> > Sun sets it. Ironically, applying jass didn't change it! Seems to me that
> > jass missed a key issue. Anyhow, I'm heading off topic.
> >
> > This will be interesting to see how the %S plays out since we essentially
> > require it to enforce security for home directories....
>
> Does this mean that you operate a UNIX system with lax security on user
> home directories? ie: Others have permission to read any users' home
> directory? Hmmm. Not good.

From my little understanding it is quite common that read access is granted
to all users' home directories by default in many Unixes. It is up to the
user to chmod if the behavior is not desired. Regardless, local access and
MS share access are really two different things and it is perfectly
acceptable to want to allow one and not the other. Otherwise we could just
dispense with the valid users tag altogether.
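Two checks fall out of this thread for anyone running a [homes] share: no account should have a home directory like "/" (Robert's 'nobody' case, where the per-user share handed out the root of the file system), and the [homes] section should carry "browseable = No" and a deliberate decision about "valid users". The script below is an added example, not code from the thread or from the Samba project. It parses passwd-style and smb.conf-style text supplied inline; the sample accounts, the SENSITIVE_HOMES list and the function names are all constructed for illustration. It only reports what "valid users" is set to, since whether a given release honours "%S" there is exactly what the thread is arguing about. On a real host feed it /etc/passwd and the output of "testparm -s".

```python
"""Audit helpers for the Samba [homes] exposure discussed in the thread.

Added example (not from the thread or the Samba project).  Sample data
below is constructed; SENSITIVE_HOMES is an assumed policy list.
"""
import configparser
import os

# Constructed passwd lines in the Solaris style; 'nobody' with home '/'
# mirrors what Robert reported.
SAMPLE_PASSWD = """\
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nobody:x:60001:60001:NFS Anonymous Access User:/:
rpetty:x:1001:10:Robert Petty:/export/home/rpetty:/bin/ksh
"""

# Constructed smb.conf fragment showing the weak [homes] setting.
SAMPLE_SMBCONF = """\
[global]
   workgroup = EXAMPLE
   security = domain

[homes]
   comment = Home Directories
   browseable = yes
   writable = yes
"""

# Assumed policy: a [homes] share rooted at or below these paths exposes
# system files, not a private home directory.
SENSITIVE_HOMES = {"/", "/etc", "/usr", "/var"}


def parse_passwd(text):
    """Yield (user, home) from passwd-format text, skipping junk lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 6:
            continue
        yield fields[0], fields[5]


def risky_homes(passwd_text, sensitive=SENSITIVE_HOMES):
    """Return {user: reason} for accounts whose [homes] share would expose
    something other than that user's own private directory."""
    findings = {}
    by_home = {}
    for user, home in parse_passwd(passwd_text):
        norm = os.path.normpath(home) if home else ""
        if not norm:
            findings[user] = "empty home field"
        elif norm in sensitive:
            findings[user] = f"home is {norm}"
        else:
            for s in sensitive:
                if s != "/" and norm.startswith(s + "/"):
                    findings[user] = f"home under {s}"
                    break
        by_home.setdefault(norm, []).append(user)
    # Two accounts with one home directory: either share name reaches
    # the other account's files.
    for norm, users in by_home.items():
        if norm and len(users) > 1:
            for u in users:
                others = ", ".join(x for x in users if x != u)
                findings.setdefault(u, f"home {norm} shared with {others}")
    return findings


def _samba_bool(value):
    """Samba accepts yes/no, true/false and 1/0 for boolean parameters."""
    v = value.strip().lower()
    if v in ("yes", "true", "1"):
        return True
    if v in ("no", "false", "0"):
        return False
    raise ValueError(f"not a Samba boolean: {value!r}")


def homes_share_findings(smbconf_text):
    """Check [homes] for the two points raised in the thread."""
    # smb.conf tolerates indented keys; strip indentation so configparser
    # does not read indented lines as value continuations.
    flat = "\n".join(l.strip() for l in smbconf_text.splitlines())
    # interpolation=None: '%S' must survive as a literal Samba substitution.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(flat)
    if not cp.has_section("homes"):
        return ["no [homes] section: per-user home shares are not offered"]
    homes = cp["homes"]
    findings = []
    # 'browsable' is accepted as a synonym for 'browseable'; default is yes.
    if _samba_bool(homes.get("browseable", homes.get("browsable", "yes"))):
        findings.append("[homes] is browseable; set 'browseable = No' as advised in the thread")
    valid = homes.get("valid users")
    if valid is None:
        findings.append("[homes] has no 'valid users'; only file-system permissions "
                        "limit who can open another user's home share")
    else:
        findings.append(f"[homes] valid users = {valid}")
    return findings


if __name__ == "__main__":
    for user, why in risky_homes(SAMPLE_PASSWD).items():
        print(f"passwd: {user}: {why}")
    for line in homes_share_findings(SAMPLE_SMBCONF):
        print(f"smb.conf: {line}")
```

Against the constructed data the passwd check flags root, daemon and nobody (home "/") and uucp (home under /usr) while leaving rpetty alone, and the smb.conf check reports that [homes] is browseable and has no "valid users" line; rerunning it after setting "browseable = no" and "valid users = %S" leaves only the informational line showing the chosen value.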