Federico Sevilla III
2002-Feb-05 12:36 UTC
[Samba] Home directories and "guest ok" (was: Samba 2.2.3-1 package concerns)
Eloy, (cc Steve Langasek) (cc Samba Mailing List) Thank you very much for your timely response and your accurate assessment of the situation with browsing home directories. I'm sending a copy of this reply to the Samba mailing list since it looks like my questions to follow don't have much to do with the Debian package per se, anymore. On Tue, 5 Feb 2002 at 10:43, Eloy A. Paris wrote:> What's happening is that there is a system user called 'backup' (see > /etc/passwd, see the home directory for this user) and the [homes] share > in smb.conf is creating the 'backup' user's home directory on the fly. > If you can browse the share you need to check the value of 'guest ok'. > If it is 'yes' then the contents of your [homes] shares will be visible > to anyone.[Introduction to the Samba list: I found out quite by accident that if I browsed //myserver/backup I got a list of files in /var/backups, which I later found out thanks to Eloy is because Samba is browsing the home directory of the user 'backup' which is /var/backups.] According to the smb.conf(5) manpage "guest ok" is supposed to be defined per service. I just checked my smb.conf and found that "guest ok = yes" was only set in my netlogon, and printers services. Neither the "guest ok" nor "public" directives appeared anywhere else. I've already removed all "guest ok" directives for debugging purposes and have found that one can still browse //myserver/backup (or the home directories of other system accounts). Note, however, that at this point a user -is- logged on. The server doesn't show anything to a computer where a user has not properly logged on. I also tried setting "guest ok = no" in the homes service, but browsing the home directories of accounts like the 'backup' user is still possible. This is not really that critical, since connections are made using the user's account so one is still limited to his/her permissions. But it's still not very nice. I wonder what's going on. Any ideas? Thanks a lot in advance! :) --> Jijo -- Federico Sevilla III :: jijo@leathercollection.ph Network Administrator :: The Leather Collection, Inc. GnuPG Key: jijo.leathercollection.ph/jijo.gpg