I got back from school the other day and set up samba to avoid hearing questions from my father about "why can't I see your computer from my network neighborhood" etc etc and he wants to mount my mp3 files.. I also set up the standard homes share, but besides being able to connect to _his_ home directory, he is able to _any_ home directory! This is definitely not the behavior I am looking for here. From the smb.conf man page I can see nothing that addresses this problem/feature. What am I missing here?

(PS - I am not subscribed to the list yet, please CC any responses directly to me)

+----------------------+----------------------------------------+
| bytor@logicsouth.com | UNIX _is_ user-friendly. It's just not |
| By-Tor@EfNet         | ignorant-friendly and idiot-friendly.  |
+----------------------+----------------------------------------+

bytor@logicsouth.com wrote:

> I got back from school the other day and set up samba to avoid hearing
> questions from my father about "why can't I see your computer from my
> network neighborhood" etc etc and he wants to mount my mp3 files.. I also
> set up the standard homes share, but besides being able to connect to
> _his_ home directory, he is able to _any_ home directory! This is
> definitely not the behavior I am looking for here. From the smb.conf man
> page I can see nothing that addresses this problem/feature. What am I
> missing here?

This is the expected behavior. You may have noticed that your father can connect to any home dir but he can only write to his own directory. Either set the permissions on your home directories so that only the owner of the directory can access them (i.e., chmod 600 /home/*), or set 'valid users = %S' in the [homes] section of your smb.conf file. The latter solution causes Samba to only allow the owner of a home directory to access their directory.

---------------------------------------------------------------------
John D. Blair jdblair@cobaltmicro.com
Software Engineer, Cobalt Microserver
---------------------------------------------------------------------
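
An added example, not part of the thread and not Samba's own code: a small Python audit of the two fixes suggested above. It checks whether [homes] carries 'valid users = %S' and lists home directories that grant group or other access; the sample smb.conf text and all function names are constructed for illustration.

```python
import configparser
import os
import stat

# Constructed sample: a [homes] share with no user restriction.
OPEN_CONF = """
[global]
   security = user

[homes]
   comment = Home Directories
   read only = no
"""
# The same share with the setting suggested in the thread.
FIXED_CONF = OPEN_CONF + "   valid users = %S\n"


def homes_valid_users(conf_text):
    """Return the [homes] 'valid users' entries, or None if it is unset."""
    # Strip indentation so configparser does not read lines as continuations.
    text = "\n".join(line.strip() for line in conf_text.splitlines())
    cp = configparser.RawConfigParser(strict=False)  # raw: '%S' stays literal
    cp.read_string(text)
    for section in cp.sections():
        if section.strip().lower() != "homes":
            continue
        for key, value in cp.items(section):
            # Samba ignores case and whitespace inside parameter names.
            if key.replace(" ", "") == "validusers":
                return value.replace(",", " ").split()
    return None


def homes_owner_only(conf_text):
    """True only when [homes] admits exactly the user the share is named for."""
    return homes_valid_users(conf_text) == ["%S"]


def exposed_home_dirs(base):
    """Names of directories under base that grant any group/other permission."""
    exposed = []
    for entry in os.scandir(base):
        if entry.is_dir(follow_symlinks=False):
            mode = stat.S_IMODE(entry.stat(follow_symlinks=False).st_mode)
            # Owner-only for a directory is 0700: entering it needs the x bit.
            if mode & 0o077:
                exposed.append(entry.name)
    return sorted(exposed)
```

Run homes_owner_only() on the text of the live smb.conf and exposed_home_dirs() on the directory that holds the home directories; an extra entry next to %S in 'valid users' is reported as not owner-only.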

You wrote:
| but besides being able to connect to _his_ home directory, he is
| able to [connect to] _any_ home directory! This is definitely not the
| behaviour I am looking for here.

This looks worse than it is: he's connecting to them **as himself**, not as the share owners. This is the equivalent of me saying ``cd /etc'' as a normal Unix user. I can look around, but not change things.

If you want to prohibit people logging via Samba to one of these accounts, consider adding an ``invalid users = '' list, mentioning the accounts you don't want people to connect to. For convenience, you might want to make a group, say ``daemons'', put the accounts into it and say ``invalid users = @daemons''.

Just looking at the accounts? I think you might do something with read only = yes and read lists, but I've not investigated it...

--dave
--
David Collier-Brown,  | Always do right. This will gratify some people
185 Ellerslie Ave.,   | and astonish the rest. -- Mark Twain
Willowdale, Ontario   | davecb@hobbes.ss.org, canada.sun.com
M2N 1Y3. 416-223-8968 | http://java.science.yorku.ca/~davecb

> Actually someone (I lost the email, sorry) gave me the solution "valid
> users = %S", which appears to do exactly what I want. This appears to be
> at least a mildly confusing issue at best, perhaps a simple addition to
> UNIX_INSTALL.txt or another file would alleviate some possible
> confusion... I would say that at least some mention of being able to

<shameless_self_promotion>
see "Samba: Integrating UNIX and Windows," page 236 (other tricky issues are also nicely documented)
</shameless_self_promotion>

In all fairness, I need to add a mention of this to the docs that come with Samba.

> browse all home dirs is in order, as when I read the information
> concerning the setup I was under the impression that it only created the
> share for the home directory of the validated user, not _any_ valid
> user... In retrospect, do other unix SMB suites exhibit similar behavior?

I see how it is easy to get that impression, but I think the behavior should most definitely stay the way it is. It's consistent with the way UNIX works in general, at least on two counts. First, in the specific case of home directories, UNIX installs almost always allow users to read from each other's home directories by default. Second, as a general principle, UNIX tends to give more rights by default, giving you the option to take them away. Most other OSs take the opposite approach. I like the fact that UNIX is liberal by default.

regards...
-john.

---------------------------------------------------------------------
John D. Blair jdblair@cobaltmicro.com
Software Engineer, Cobalt Microserver
---------------------------------------------------------------------

On Tue, 26 May 1998, David Collier-Brown wrote:

> This looks worse than it is: he's connecting to them
> **as himself**, not as the share owners. This is the
> equivalent of me saying ``cd /etc'' as a normal Unix user.
> I can look around, but not change things.
> If you want to prohibit people logging via Samba to
> one of these accounts, consider adding an
> ``invalid users = '' list, mentioning the accounts
> you don't want people to connect to. For convenience,
> you might want to make a group, say ``daemons'', put
> the accounts into it and say ``invalid users = @daemons''.
>
> Just looking at the accounts? I think you might do something
> with read only = yes and read lists, but I've not investigated
> it...

Actually someone (I lost the email, sorry) gave me the solution "valid users = %S", which appears to do exactly what I want. This appears to be at least a mildly confusing issue at best, perhaps a simple addition to UNIX_INSTALL.txt or another file would alleviate some possible confusion... I would say that at least some mention of being able to browse all home dirs is in order, as when I read the information concerning the setup I was under the impression that it only created the share for the home directory of the validated user, not _any_ valid user... In retrospect, do other unix SMB suites exhibit similar behavior?

+----------------------+----------------------------------------+
| bytor@logicsouth.com | UNIX _is_ user-friendly. It's just not |
| By-Tor@EfNet         | ignorant-friendly and idiot-friendly.  |
+----------------------+----------------------------------------+