In response to my original Q (see below) I'm sending my entire smb.conf in
the hope that someone can tell me why users' homedirs in an NFS/NIS
environment
aren't protected:
[global]
; Server-wide settings for host "hop", configured as domain controller and
; master browser for workgroup "guard". Share-level parameters set here act
; as the default for every share section that follows.
; Basic server settings
netbios name = hop
workgroup = guard
# security addition from SANS http://www.sans.org/top20/#W6
# (turns off LANMAN password authentication, refuses protocol dialects older
# than NT1, and stops LAN Manager announcements)
lanman auth = no
min protocol = NT1
lm announce = no
# Files with permissions set to prevent access shouldn't even appear
# (this only hides entries in listings; it does not change who can open them)
hide unreadable = yes
# Prevent browsing by default
# (shares stay reachable by name; this only keeps them out of the browse list)
browseable = no
domain admin group = gentot
; we should act as the domain and local master browser
os level = 64
preferred master = yes
domain master = yes
local master = yes
# Host-based access control: deny every address, then allow one. Where the
# two lists conflict the allow list takes precedence. This limits which
# machines may connect, not which authenticated user may open which share.
# NOTE(review): 1.2.3.4 looks like a placeholder for the real client address.
hosts deny = 0.0.0.0/0
hosts allow = 1.2.3.4
# tells Samba to use a separate log file for each machine that connects
log file = /scratch/local/app/samba/current/var/log.%m
# default is only to log critical messages
log level = 1
# Put a capping on the size of the log files (in Kb).
max log size = 90
# this option gives better performance
# See speed.txt and the manual pages for details
socket options = TCP_NODELAY
; security settings (must be security = user)
security = user
; encrypted passwords are a requirement for a PDC
encrypt passwords = yes
; support domain logons
domain logons = yes
; where to store user profiles?
logon path = \\hop\profiles\%u
; where is a user's home directory and where should it
; be mounted at?
; NOTE(review): only the drive letter is set; no "logon home" appears in this
; file, so the share mapped to Y: is whatever the Samba default resolves to.
logon drive = Y:
; specify a generic logon script for all users
; this is a relative **DOS** path to the [netlogon] share
logon script = logon.bat
; necessary share for domain controller
; Holds the logon script named by "logon script" in [global]. Read-only for
; everyone except the accounts in "write list", which may still write here.
[netlogon]
path = /scratch/local/app/samba/current/lib/netlogon
read only = yes
write list = gentot
; share for storing user profiles
; The path ends in %u, so each user is pointed at a directory named after
; their own account; new files and directories are created owner-only.
[profiles]
path = /export/smb/profiles/%u
read only = no
create mask = 0600
directory mask = 0700
; NOTE(review): the printing settings below sit inside [profiles].
; "load printers" and "printcap name" are documented as global parameters, so
; in a share section they presumably do not take effect - confirm with
; testparm and move them to [global] if that is the intent.
load printers = yes
printing = cups
printcap name = cups
printer admin = gentot
; Print spool share; not listed when browsing, not writable as a file share.
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
; NOTE(review): "public" is a synonym for "guest ok", so the next two lines
; set the same parameter to opposite values. Presumably the later line
; (guest access off) wins - keep only one of them so the intent is explicit.
public = yes
guest ok = no
writable = no
printable = yes
printer admin = gentot
; Printer driver share. Overrides the global "browseable = no" so it is
; listed; no guest access; read-only except for accounts in "write list".
[print$]
comment = Printer Config
path = /export/smb/cups
browseable = yes
guest ok = no
read only = yes
write list = gentot
# Per-user home directory shares, created on demand from the account name.
# NOTE(review): there is no "valid users" line here. Any user who has already
# authenticated to the server can connect to \\hop\<another account>, and
# access is then decided only by the Unix permissions on that directory, so
# a home directory left at 0755 is readable by every other user. Adding
#   valid users = %S
# restricts each home share to the account it is named after (%S expands to
# the share name).
# "guest ok = no" only blocks unauthenticated access; it does not separate
# one authenticated user from another.
[homes]
guest ok = no
read only = no
# These masks apply to files and directories created through Samba; they do
# not change the mode of a home directory that already exists.
create mask = 0700
directory mask = 0700
preserve case = yes
# NOTE(review): with locking disabled, lock requests are not actually
# enforced; presumably turned off because the homes live on NFS - confirm.
locking = no
oplocks = no
>-- Original-Message --
>Date: Sun, 15 Jun 2003 22:45:27 -0400
>From: Mark Verhyden <marksv@earthlink.net>
>To: garvald@bluemail.ch
>Subject: Re: [Samba] mount other users with 0755 perms
>
>
>Please post your entire smb.conf file in order for people to see the
>whole picture.
>
>Mark
>
>garvald@bluemail.ch wrote:
>> Hallo
>> I recently set up samba v 2.2.8a and have the following options for [homes]
>> set in my smb.conf:
>>
>> [homes]
>> guest ok = no
>> read only = no
>> create mask = 0700
>> directory mask = 0700
>> preserve case = yes
>> locking = no
>> oplocks = no
>>
>> I'm on a NIS/NFS net. The problem is I can mount anyone else's directory with
>> no password if they have 0755 homedir perms. No username/password login appears,
>> the directory is mounted and I have access to all files. Other directories
>> which do not allow world access produce an error saying they're not accessible,
>> which isn't good, I would prefer a username + pwd window to appear.
>>
>> what options do I need in order to protect 0755 dirs and for all directories
>> to be accessible through username + pwd ?
>>
>> thanks for the help
>> AlanCB
>>
>
>
>