samba - Apr 2002 - "/" shows up as home directory for "nobody" - available to any user

Strange thing:
After being logged on to samba-PDC (2.2.3a, LDAP) I see besides the user's
home directory a home directory for user "nobody" - containing the
root file
system of my samba server.
The relevant parts in smb.conf looks like this:

guest account = pcguest	(if not set it defaults to "nobody" - this
should
turn it off)

[homes]
comment = Home Directories
browseable = no
writable = yes


The entry in /etc/passwd for "nobody" is:
nobody:x:99:99:Nobody:/:/sbin/nologin

There is no entry for "nobody" in the LDAP database, not is there
anywhere
an account for "guest".


Looks like this entry is the key - the "/" for the home dir.
Since I really don't want everybody to have read access to everything on my
hard drive, can anyone point me to how I can fix this?
I guess, I could change nobody's home dir to something else - but what would
that break?
I'd rather find out why samba shares it out to begin with - is there a way
to turn it off?

Thanks,
Thomas


Thomas Klettke
thomask@aesbus.com
Network Administrator
Aesbus Knowledge Solutions
Houston, TX 77069

"The instructions said to use Windows 98 or better, so I installed
RedHat."

> Strange thing:
> After being logged on to samba-PDC (2.2.3a, LDAP) I see besides the
user's
> home directory a home directory for user "nobody" - containing
the root file
> system of my samba server.
> The relevant parts in smb.conf looks like this:
> 
> guest account = pcguest	(if not set it defaults to "nobody" -
this should
> turn it off)
> 
> [homes]
> comment = Home Directories
> browseable = no
> writable = yes
> 
> 
> The entry in /etc/passwd for "nobody" is:
> nobody:x:99:99:Nobody:/:/sbin/nologin
> 
> There is no entry for "nobody" in the LDAP database, not is there
anywhere
> an account for "guest".
> 
> 
> Looks like this entry is the key - the "/" for the home dir.
> Since I really don't want everybody to have read access to everything
on my
> hard drive, can anyone point me to how I can fix this?
> I guess, I could change nobody's home dir to something else - but what
would
> that break?
> I'd rather find out why samba shares it out to begin with - is there a
way
> to turn it off?
Add:
  valid users = %S 
  # [homes] erzeugt shares der Art [<username>]
  # Zu jeder share kann jeder user verbinden, auch zu den 
  # Systemaccounts !!
  # obiger Eintrag verhindert das.
To the [homes] section in smb.conf. You may leave out the comment :-)
With this "valid users" only an authenticated nobody can access
it's
home through samba. And with your /etc/passwd there will never be an 
authenticated nobody.

Christian

               _(_)_                          wWWWw   _
   @@@@       (_)@(_)   vVVVv     _     @@@@  (___) _(_)_
  @@()@@ wWWWw  (_)\    (___)   _(_)_  @@()@@   Y  (_)@(_)
   @@@@  (___)     `|/    Y    (_)@(_)  @@@@   \|/   (_)\
    /      Y       \|    \|/    /(_)    \|      |/      |
 \ |     \ |/       | / \ | /  \|/       |/    \|      \|/
jgs|//   \\|///  \\\|//\\\|/// \|///  \\\|//  \\|//  \\\|// 
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^