Hello, All.

We have Samba 2.0.7 running on Red Hat 6.2 (up for 351 days!) and have discovered the following anomaly:

There is a share called "appsg" that contains a number of folders, including one called OfficeTemplates. The share definition in smb.conf is:

[appsg]
comment = Apps in Applications
path=/home/applications/apps
public = No
read only = Yes
write list = @staff
printable = No

The other day we noticed that for one user, Jared, Word was opening temporary files in the OfficeTemplates folder on that share. These files were like ~normal.dot, and were being created read-write! From his PC, we attempted to create or save a file to the above share, but the process was denied because the share is read-only to everyone but the I.T. staff. (As expected.)

It turns out that his Word was configured to point at the share for his user templates. When we changed that so user templates were on his local C:\ drive, and the workgroup templates location was the appsg\OfficeTemplates folder, these temporary files did not appear.

The question is: why did Samba allow Word to create the temporary files on the read-only share? No warning was received, nor was anything logged in the Samba logs. Now that we have his Office configured properly, it's not an issue, but I'm at a loss for an explanation, and the NT guys here are laughing up their sleeves at this perceived security hole in Linux/Samba.

Thanks very much for any clues.

--
Bill Grzanich
IT Manager
ORGANICS/LaGrange, Inc.

Just a few ignorant questions/comments here.

Isn't this really a security issue for Word?

Would an NT server allow this to happen to it?

To track down this problem, I would set log level =3, misconfigure his Word again, and watch the interaction.

Would changing permissions on the /home/applications/apps directory get around this? Making the linux directory writable only by staff might prevent this.

Is security by share or by user? What user name does samba run under if security = share ?

Joel

On Wed, Nov 14, 2001 at 10:06:57AM -0600, Bill Grzanich wrote:
> Hello, All.
>
> We have Samba 2.0.7 running on Red Hat 6.2 (up for 351 days!) and have discovered the following
> anomaly:
>
> There is a share called "appsg" that contains a number of folders, including one called
> OfficeTemplates. The share definition in smb.conf is:
>
> [appsg]
> comment = Apps in Applications
> path=/home/applications/apps
> public = No
> read only = Yes
> write list = @staff
> printable = No
>
> The other day we noticed that for one user, Jared, Word was opening temporary files in the
> OfficeTemplates folder on that share. These files were like ~normal.dot, and were being created
> read-write! From his PC, we attempted to create or save a file to the above share, but the process
> was denied because the share is read-only to everyone but the I.T. staff. (As expected.)
>
> It turns out that his Word was configured to point at the share for his user templates. When we
> changed that so user templates were on his local C:\ drive, and the workgroup templates location
> was the appsg\OfficeTemplates folder, these temporary files did not appear.
>
> The question is: why did Samba allow Word to create the temporary files on the read-only share? No
> warning was received, nor was anything logged in the Samba logs. Now that we have his Office
> configured properly, it's not an issue, but I'm at a loss for an explanation, and the NT guys here
> are laughing up their sleeves at this perceived security hole in Linux/Samba.
>
> Thanks very much for any clues.
>
> --
> Bill Grzanich
> IT Manager
> ORGANICS/LaGrange, Inc.

Hi, Joel. (Comments at end)

>On Wed, Nov 14, 2001 at 10:06:57AM -0600, Bill Grzanich wrote:
>> Hello, All.
>>
>> We have Samba 2.0.7 running on Red Hat 6.2 (up for 351 days!) and have discovered the following
>> anomaly:
>>
>> There is a share called "appsg" that contains a number of folders, including one called
>> OfficeTemplates. The share definition in smb.conf is:
>>
>> [appsg]
>> comment = Apps in Applications
>> path=/home/applications/apps
>> public = No
>> read only = Yes
>> write list = @staff
>> printable = No
>>
>> The other day we noticed that for one user, Jared, Word was opening temporary files in the
>> OfficeTemplates folder on that share. These files were like ~normal.dot, and were being created
>> read-write! From his PC, we attempted to create or save a file to the above share, but the process
>> was denied because the share is read-only to everyone but the I.T. staff. (As expected.)
>>
>> It turns out that his Word was configured to point at the share for his user templates. When we
>> changed that so user templates were on his local C:\ drive, and the workgroup templates location
>> was the appsg\OfficeTemplates folder, these temporary files did not appear.
>>
>> The question is: why did Samba allow Word to create the temporary files on the read-only share? No
>> warning was received, nor was anything logged in the Samba logs. Now that we have his Office
>> configured properly, it's not an issue, but I'm at a loss for an explanation, and the NT guys here
>> are laughing up their sleeves at this perceived security hole in Linux/Samba.
>>
>> Thanks very much for any clues.

Original message from: Joel Hammer

>Just a few ignorant questions/comments here.
>Isn't this really a security issue for Word?

Probably. I was just curious if anyone else had observed similar behavior and perhaps had an explanation for why this was happening.

>Would an NT server allow this to happen to it?

Good question. We may have to try that.

>To track down this problem, I would set log level =3, misconfigure his Word
>again, and watch the interaction.

Yes, also a good idea.

>Would changing permissions on the /home/applications/apps directory get
>around this? Making the linux directory writable only by staff might prevent
>this.

That's what we have, isn't it? Oh, you mean the Linux permissions! That would likely work, but shouldn't Samba have accomplished the same thing? And that's the real point of my original message. Why did Samba allow this? Frankly, it's moot at this point, but still odd.

>Is security by share or by user? What user name does samba run under if
>security = share ?

Security = domain. We have NT servers for PDC and BDC, and users authenticate against them.

Thanks for the suggestions. That gives me something to try. Of course, since this is a production machine, my options for playing are a bit limited, but I'll see what I can do.

Best regards,

--
Bill Grzanich
IT Manager
ORGANICS/LaGrange, Inc.

Since you have an NT server doing authentication for a windows box running word, this sounds like a Microsoft problem, in my ignorant opinion.

Joel

P.S. I am not just being modest when I say ignorant!

Thanks for the suggestions, everyone.

The actual problem was one of misinformation, and stupidity. We have another share defined that maps to a higher directory in the same tree. The problem user had been configured to access the templates folder through that higher, less secured, share.

We will now rearrange some of the directories to a more rational structure, so that the areas that are supposed to be protected can't be accessed through a less secure point.

Sorry for the wasted bandwidth and time all around. I do appreciate your efforts.

Best regards,

--
Bill Grzanich
IT Manager
ORGANICS/LaGrange, Inc.
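
The root cause reported in the message above (a read-only share reachable through a second, writable share rooted higher in the same tree) can be checked for mechanically. The following is an added example, not part of the original thread: it parses smb.conf text and lists every read-only share whose path sits at or below the path of a writable share. The [shared] section is a hypothetical stand-in for the second share, which the thread never shows, and the check compares only `path` and `read only`/`writeable`, ignoring `write list`, `valid users` and filesystem permissions.

```python
from pathlib import PurePosixPath

# Constructed sample. [appsg] is the share quoted in the thread; [shared] is a
# hypothetical stand-in for the "higher, less secured" share the thread never shows.
SAMPLE_SMB_CONF = """
[appsg]
comment = Apps in Applications
path=/home/applications/apps
public = No
read only = Yes
write list = @staff
printable = No

[shared]
path = /home/applications
read only = No
"""
TRUE_VALUES = {"yes", "true", "1"}

def load_shares(text):
    """Parse smb.conf text into {share: (path, read_only)} for shares with a path."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    shares = {}
    for name, opts in sections.items():
        if name.lower() == "global" or "path" not in opts:
            continue
        read_only = opts.get("read only", "yes").lower() in TRUE_VALUES  # Samba default: yes
        if "writeable" in opts:                  # inverted synonym of "read only"
            read_only = opts["writeable"].lower() not in TRUE_VALUES
        shares[name] = (PurePosixPath(opts["path"]), read_only)
    return shares

def writable_overlaps(shares):
    """Return (outer, inner) pairs: writable outer's path contains read-only inner's path."""
    return [(outer, inner)
            for outer, (opath, oro) in shares.items()
            for inner, (ipath, iro) in shares.items()
            if outer != inner and not oro and iro and (ipath == opath or opath in ipath.parents)]

if __name__ == "__main__":
    print(writable_overlaps(load_shares(SAMPLE_SMB_CONF)))
```

Paths are compared component by component, so sibling directories such as /srv/apps and /srv/apps2 are not reported as nested.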

On Wed, 21 Nov 2001, Ariel Mella wrote:
> it is possible to use 2 VFS modules at the same time??
> how?

Not currently.

cheers, jerry
---------------------------------------------------------------------
www.samba.org      SAMBA Team        jerry_at_samba.org
www.plainjoe.org                     jerry_at_plainjoe.org
http://www.hp.com  Hewlett-Packard   gerald_carter_at_hp.com
--"I never saved anything for the swim back." Ethan Hawk in Gattaca--