Hello, I discovered that user1 can view other homedirs if the other user, say user2, is logged in, by simply typing in the network neighbourhood \\server\user2. is this a bug, or are there work arounds, or is it my fault? my os is RedHat 6.2 and Samba 2.0.7 Thanks, Hilbert -------------- next part -------------- HTML attachment scrubbed and removed
On Wed, 4 Oct 2000 09:43:09 +0200, you wrote:>I discovered that user1 can view other homedirs if the other user, say user2, is logged in, by simply typing in the network neighbourhood \\server\user2. >is this a bug, or are there work arounds, or is it my fault? my os is RedHat 6.2 and Samba 2.0.7 >Are you using valid users = %S in the [homes] section? Without that, see what happens from win9x doing start, \\sambaserver\nobody ... -- giulioo@pobox.com
On Wed, Oct 04, 2000 at 09:43:09AM +0200, Hilbert Mostert wrote:> Hello, > > I discovered that user1 can view other homedirs if the other user, say user2, is logged in, by simply typing in the network neighbourhood \\server\user2. > is this a bug, or are there work arounds, or is it my fault? my os is RedHat 6.2 and Samba 2.0.7This happens for me too. Our default users' home directory permissions are 700 so samba can't chdir to them and therefore access is denied but I tested the above with 755 and I could see everything in other users' homes. Same version of samba and OpenBSD 2.7.
On Wed, Oct 04, 2000 at 10:42:20AM +0200, Giulio Orsero wrote:> On Wed, 4 Oct 2000 09:43:09 +0200, you wrote: > > >I discovered that user1 can view other homedirs if the other user, say user2, is logged in, by simply typing in the network neighbourhood \\server\user2. > >is this a bug, or are there work arounds, or is it my fault? my os is RedHat 6.2 and Samba 2.0.7 > > > Are you using > valid users = %S > in the [homes] section? > > Without that, see what happens from win9x doing > start, \\sambaserver\nobody ...Ahhh.
--On 10/04/00 09:43:09 AM +0200 Hilbert Mostert <hilbert_mostert@hotmail.com> wrote:> > Hello, > > I discovered that user1 can view other homedirs if the other user, say > user2, is logged in, by simply typing in the network neighbourhood > \\server\user2. is this a bug, or are there work arounds, or is it my > fault? my os is RedHat 6.2 and Samba 2.0.7 > > > Thanks, > HilbertHmmm... You said user1 can see user2's files if user2 is logged in. What if user2 is not logged in? This sounds like a permissions issue. Make sure homedirs have UNIX permissions of 0700, meaning only the owner can read them. Also, make sure you are using the correct authentication security level (i.e., share, user, server or domain). My servers, for example, all use domain level and are members of an NT domain. Anybody who is authenticated into the domain has access to any shares on the SAMBA servers with the appropriate permissions set which is normative in an NT network. In the UNIX world file perms are the ultimate ACL. BTW, and not to sound like an advertisement, but a large number of the questions I see posted on this list are answered -- and frequently better answered -- in the O'Reilly "Using SAMBA" book. Some or all of the text is available on-line, but it's hard to curl up at night with my web browser and so I prefer the printed version. -- Rob _ _ _ _ _ _ _ _ _ _ /\_\_\_\_\ /\_\ /\_\_\_\_\_\ /\/_/_/_/_/ /\/_/ \/_/_/_/_/_/ QUIDQUID LATINE DICTUM SIT, /\/_/__\/_/ __ /\/_/ /\/_/ PROFUNDUM VIDITUR /\/_/_/_/_/ /\_\ /\/_/ /\/_/ /\/_/ \/_/ /\/_/_/\/_/ /\/_/ (Whatever is said in Latin \/_/ \/_/ \/_/_/_/_/ \/_/ appears profound) Rob Tanner UNIX and Networks Manager Linfield College, McMinnville OR (503) 434-2558 <rtanner@linfield.edu>
On Wed, Oct 04, 2000 at 01:40:21PM -0700, Paul Espinosa wrote:> So, what does the valid users = %S mean? More precisely what does the %S > mean? I understand about the valid users part.It is expanded to the share name which is also, in the homes case, the username.
So, what does the valid users = %S mean? More precisely what does the %S mean? I understand about the valid users part. Paul Espinosa, IS Technician Sunflower Cablevision ptech@sunflower.com 785-312-6912> -----Original Message----- > From: samba-admin@us4.samba.org [mailto:samba-admin@us4.samba.org]On > Behalf Of Giulio Orsero > Sent: Wednesday, October 04, 2000 1:42 AM > To: Samba > Subject: Re: Home dirs. > > > On Wed, 4 Oct 2000 09:43:09 +0200, you wrote: > > >I discovered that user1 can view other homedirs if the other > user, say user2, is logged in, by simply typing in the network > neighbourhood \\server\user2. > >is this a bug, or are there work arounds, or is it my fault? my > os is RedHat 6.2 and Samba 2.0.7 > > > Are you using > valid users = %S > in the [homes] section? > > Without that, see what happens from win9x doing > start, \\sambaserver\nobody ... > > > -- > giulioo@pobox.com >
On Wed, 4 Oct 2000, Hilbert Mostert wrote:> I discovered that user1 can view other homedirs if the other user, say > user2, is logged in, by simply typing in the network neighbourhood > \\server\user2. > is this a bug, or are there work arounds, or is it my fault? my os is > RedHat 6.2 and Samba 2.0.7That is expected. If user1 and user2 where Unix shell users then they would be able to see each other's files too. If this isn't desired behaviour then change the Unix permissions on the User's home directories so that only the owner has read/search permission (for more information see Unix man pages on chmod and umask, and the smb.conf "create mask" parameter). Regards, -- Neil Hoggarth Departmental Computer Officer <neil.hoggarth@physiol.ox.ac.uk> Laboratory of Physiology http://www.physiol.ox.ac.uk/~njh/ University of Oxford, UK