Given the following situation: I have 2 different home directories. If a user logs on to 'home directory 1', can that particular user browse into 'home directory 2' or other directories?

The reason for this question is that I need a server which can be accessed by the corporate staff and by the personnel. However, the personnel may not be able to gain access to financial and other files with sensitive information.

Nico Coesel
Hi,

I was thinking about the security of PDCs and came up with the following scenario: There is a Windows NT server running as PDC for Domain1. Next, a Samba server is installed on the same domain, also as PDC (with a higher OS level than WinNT). All users would log in to the Samba server, right? But, if this is possible, it would be discovered immediately because no user can log in with their original password.

Is it possible to configure Samba to be a PDC (for executing logon scripts) and 'relay' the authentication to the original WinNT PDC (with security=server or domain)? If that is possible, a domain can be 'taken over' without the users noticing it!

I don't know if what I described above is possible, but if it is, it would be a security hazard when the administrator cannot check all the PCs connected to a network!

Regards,
Jan-Pieter van den Heuvel
Just thinking about the nasty stuff that Windows users might shove up on my Linux Samba server makes my blood boil! Seriously, it seems like bad practice to let just any user save to a common directory, download from it, and erase/change any files he/she wants to. During the last worm (Nimda), Samba servers could be used as a nidus of infection by transmitting the worm to Windows clients.

It strikes me that there is an "easy" solution for this. Would it not be possible to have two shares for clients? One share is read only, whence the client may download files to his/her machine. The other share is the upload share. The client would save his/her file here. Then, a daemon on the Samba server would:

1. Scan the file for viruses/worms, in fact, any executable or file not meeting certain strict requirements. If the file is rejected it is sequestered in a directory which cannot be seen by the clients.
2. If the file is accepted after step #1, it is moved to the download share. If a file of the same name already exists, the old file is renamed and moved to a directory not accessible by the clients.

This sounds like it would make it difficult for malicious users or programs to do mischief on a Samba server. I haven't thought about the file locking issues. Any comments?

Joel
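The upload, scan and publish flow described in the message above, as an added example that is not part of the original post. The extension allowlist and magic-byte check are assumptions standing in for a real virus scanner, and the four directory arguments and the `settle_seconds` guard (a crude answer to the file-locking question) are hypothetical names chosen here.

```python
import shutil
import time
from pathlib import Path

# Assumed policy standing in for a real virus scanner: allowlisted
# extensions only, and no executable/script magic bytes at offset 0.
ALLOWED_EXT = {".txt", ".pdf", ".csv", ".png"}
EXEC_MAGIC = (b"MZ", b"\x7fELF", b"#!")


def is_acceptable(path: Path) -> bool:
    if path.suffix.lower() not in ALLOWED_EXT:
        return False
    with path.open("rb") as fh:
        head = fh.read(4)
    return not head.startswith(EXEC_MAGIC)


def unique_dest(directory: Path, name: str) -> Path:
    """Timestamped name so sequestered/archived files never collide."""
    stamp = time.strftime("%Y%m%dT%H%M%S")
    dest = directory / f"{stamp}-{name}"
    n = 0
    while dest.exists():
        n += 1
        dest = directory / f"{stamp}-{n}-{name}"
    return dest


def process_uploads(upload, download, quarantine, archive, settle_seconds=5):
    """One pass over the upload share; returns {filename: outcome}."""
    upload, download, quarantine, archive = map(
        Path, (upload, download, quarantine, archive))
    results = {}
    for entry in sorted(upload.iterdir()):
        # Skip symlinks, directories, and files a client may still be writing.
        settling = time.time() - entry.lstat().st_mtime < settle_seconds
        if entry.is_symlink() or not entry.is_file() or settling:
            results[entry.name] = "skipped"
            continue
        if not is_acceptable(entry):  # step 1: reject and sequester
            shutil.move(str(entry), str(unique_dest(quarantine, entry.name)))
            results[entry.name] = "quarantined"
            continue
        target = download / entry.name  # step 2: publish, keep the old copy
        if target.exists():
            shutil.move(str(target), str(unique_dest(archive, entry.name)))
        shutil.move(str(entry), str(target))
        results[entry.name] = "published"
    return results
```

Keep all four directories on one filesystem so each move is a rename, and place the quarantine and archive directories outside any exported share.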