reynierpm at gmail.com
2016-Aug-05 01:23 UTC
[CentOS] Enable all permissions for root in Samba ...
As I said in previous messages I have a local virtual machine running CentOS 7 so I do not need any security. Having that in mind I have installed Samba and this is how I setup for access the remote server: [global] workgroup = WORKGROUP server string = Samba Server %v netbios name = CentOS Server security = user map to guest = bad user dns proxy = no [root] path = / browsable =yes writable = yes guest ok = yes read only = no force user = root force group = root I am able to connect as root without password but I can't chdir into a few directories like for example /var/www. The permissions for such directory are: # ls -la /var/www/ total 4 drwxr-xr-x. 4 root root 31 Aug 4 19:00 . drwxr-xr-x. 20 root root 4096 Aug 4 20:02 .. drwxr-xr-x. 2 root root 6 Jul 18 11:30 cgi-bin drwxrwsr-x. 2 apache root 22 Jun 30 05:05 html Why I can't access to /var/html? What I am doing wrong? Thanks in advance *Reynier Perez Mira* Phone: (786) 5807572 EMail: reynierpm at gmail.com [image: Facebook] <https://facebook.com/ReynierPM> [image: Github] <https://github.com/reypm> [image: Google+] <https://plus.google.com/u/0/+ReynierP%C3%A9rezMira> [image: Twitter] <https://twitter.com/reypm> [image: LinkedIn] <https://www.linkedin.com/in/reynierpm>
On 8/4/2016 6:23 PM, reynierpm at gmail.com wrote:> local virtual machine running > CentOS 7 so I do not need any security.thats a mighty big assumption.> Having that in mind I have > installed Samba and this is how I setup for access the remote server: > > [global] > workgroup = WORKGROUP > server string = Samba Server %v > netbios name = CentOS Server > security = user > map to guest = bad user > dns proxy = no > > [root] > path = / > browsable =yes > writable = yes > guest ok = yes > read only = no > force user = root > force group = rootyour remote user who connects to this local VM is running windows as 'root' ? thats unusual. -- john r pierce, recycling bits in santa cruz
reynierpm at gmail.com
2016-Aug-05 01:50 UTC
[CentOS] Enable all permissions for root in Samba ...
On Thu, Aug 4, 2016 at 9:47 PM, John R Pierce <pierce at hogranch.com> wrote:> On 8/4/2016 6:23 PM, reynierpm at gmail.com wrote: > >> local virtual machine running >> CentOS 7 so I do not need any security. >> > > thats a mighty big assumption.I understand your concern because is a security flag but I can tell you that this is only a development environment because I use Windows as a host but I like to have all related to server in a VM> > > > Having that in mind I have >> installed Samba and this is how I setup for access the remote server: >> >> [global] >> workgroup = WORKGROUP >> server string = Samba Server %v >> netbios name = CentOS Server >> security = user >> map to guest = bad user >> dns proxy = no >> >> [root] >> path = / >> browsable =yes >> writable = yes >> guest ok = yes >> read only = no >> force user = root >> force group = root >> > > your remote user who connects to this local VM is running windows as > 'root' ? thats unusual.I am not sure what are you asking|telling me but I was never asked for a username/password to connect; it only goes ahead and connect but then I can't do anything like chdir or mkdir or create new files *Reynier Perez Mira* Phone: (786) 5807572 EMail: reynierpm at gmail.com [image: Facebook] <https://facebook.com/ReynierPM> [image: Github] <https://github.com/reypm> [image: Google+] <https://plus.google.com/u/0/+ReynierP%C3%A9rezMira> [image: Twitter] <https://twitter.com/reypm> [image: LinkedIn] <https://www.linkedin.com/in/reynierpm>
On Aug 4, 2016, at 7:23 PM, reynierpm at gmail.com wrote:> > I have a local virtual machine running > CentOS 7 so I do not need any security.Do you know what island hopping is? https://en.wikipedia.org/wiki/Exploit_(computer_security)#Pivoting Please explain to me how you are not attempting to create the easiest-to-access island of all time. That is, once an attacker gets into the VM, how have you precluded them from using that as a base of operations for attacking the rest of your LAN?> [root] > path = /Samba isn?t allowed to access arbitrary places in the filesystem by default. You either need to mark the whole drive as accessible to Samba or disable SELinux: https://en.wikipedia.org/wiki/Exploit_(computer_security)#Pivoting You should probably be using something like SSHFS anyway: https://softwarerecs.stackexchange.com/questions/13875/
On Aug 5, 2016, at 1:05 PM, Warren Young <wyml at etr-usa.com> wrote:> > Samba isn?t allowed to access arbitrary places in the filesystem by default. You either need to mark the whole drive as accessible to Samba or disable SELinux: > > https://en.wikipedia.org/wiki/Exploit_(computer_security)#PivotingSorry, pasted the first link twice. Here?s the correct one: https://wiki.centos.org/HowTos/SetUpSamba