Hello!
I just noticed a behavior of samba I am wundering about:
I have a Samba-Server with a [homes] section.
As user "barth" I conect to this using
\\<Samba-Server>\<any username>
permission is checked for "barth" with his password and access is
granted with the rights of barth to the HOME-directory of
<any username>.
So far so good. This also works with the following system-accounts:
bin:*:1:1:bin:/bin:
daemon:*:2:2:daemon:/sbin:
adm:*:3:4:adm:/var/adm:
lp:*:4:7:lp:/var/spool/lpd:
sync:*:5:0:sync:/sbin:/bin/sync
shutdown:*:6:0:shutdown:/sbin:/sbin/shutdown
halt:*:7:0:halt:/sbin:/sbin/halt
mail:*:8:12:mail:/var/spool/mail:
news:*:9:13:news:/var/spool/news:
uucp:*:10:14:uucp:/var/spool/uucp:
operator:*:11:0:operator:/root:
games:*:12:99:games:/usr/games:
gopher:*:13:30:gopher:/usr/lib/gopher-data:
nobody:*:99:99:Nobody:/:
And this is where things go bad: Samba gives access to directories I
do not want it to, for example / meaning the whole directory tree of
my server.
Is this intended to work this way?
I would have expected that the conection is made to the home
directory of the user used for the authentisation.
The above works with 1.9.18p10 on solaris 2.3 (encrypted passwords
and security = server) and with 2.0.6 on linux (RedHat, encryped
passwords, the password server for the solaris machine; the system
acconts are not in smbpasswd). And it works with 2.0.6 on aix 4.3.
Is there a way to configure samba not to give access to the home dirs
of my system accounts?
I think it is not a good idea to change them all to /dev/null !
Please replay direct to me as I'm not on the list,
Thanks
Christian
P.S.:
The only way I currently see to prevent the above behavior is to
create sharse with the name of the system accounts and
path = /dev/null
invalid users = @everyone
valid user = <some guy with locked account and ...>
_______________________________________________________________________
In a world without walls and fences, who needs windows and gates? (SUN)