Hi. I am running 3.0.20.
1. I would like to have an include statement pointing to user
configurations. For a user, say 'mike', the following works:
include = /home/mike/smb.conf
But this does not:
include = /home/%u/smb.conf
I am using a very simple config with 'security = user'. What am I doing
wrong?
I cannot get any log feedback from this ('testparm' says it cannot
locate
the include file but I take this as normal since it cannot make the
substitution).
2. I have disabled printing using:
disable spoolss = yes
My logs are filling up with messages (every 30 minutes):
printing/print_cups.c:cups_cache_reload(85)
Unable to connect to CUPS server localhost - Connection refused
How can I stop this from happening?
3. Is there any way to have a truly anonymous connection? Currently I
have a guest user set up on my host and I connect by inputing this
username with blank password. I do not want to have to enter anything. I
do not want even the pop-up box to appear when I click on the
corresponding share icon. Is this possible?
This is what I currently have:
[global]
security = user
guest account = guest
[share]
guest ok = yes
Thanks to anyone who can assist.
--
Peter
__________________________________________________________
Find your next car at http://autos.yahoo.ca
> 1. I would like to have an include statement pointing to user > configurations. For a user, say 'mike', the following works: > > include = /home/mike/smb.conf > > But this does not: > > include = /home/%u/smb.confI'm by no means an expert, but I would try: include = %H/smb.conf According to the manpage, you cannot use the %u variable: --------------------------------- include (G) This allows you to include one config file inside another. The file is included literally, as though typed in place. It takes the standard substitutions, except %u, %P and %S. Default: include Example: include = /usr/local/samba/lib/admin_smb.conf -- Best regards, Charles
On 2/19/06, Peter <petermatulis@yahoo.ca> wrote:> 2. I have disabled printing using: > > disable spoolss = yes > > My logs are filling up with messages (every 30 minutes): > > printing/print_cups.c:cups_cache_reload(85) > Unable to connect to CUPS server localhost - Connection refused > > How can I stop this from happening?"disable spoolss" doesn't disable printing completely, it just disables the newer SPOOLSS style of printing. To disable printing completely: load printers = no printing = bsd printcap name = /dev/null Josh Kelley
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Peter wrote:> Hi. I am running 3.0.20. > > 1. I would like to have an include statement pointing to user > configurations. For a user, say 'mike', the following works: > > include = /home/mike/smb.conf > > But this does not: > > include = /home/%u/smb.confThis is a really bad idea btw. You are allowing your users to easily gain root access to teh server. But if you really want don't mind this, try: include = /home/%U/smb.conf> 2. I have disabled printing using: > > disable spoolss = yes > > My logs are filling up with messages (every 30 minutes): > > printing/print_cups.c:cups_cache_reload(85) > Unable to connect to CUPS server localhost - Connection refused[global] printing = bsd printcap name = /dev/null> 3. Is there any way to have a truly anonymous connection?- ------- smb.conf ---------------------- [global] security = user map to guest = bad user username map = /etc/samba/smbusers guest ok = yes guest account = nobody - ------- smbusers file --- !foo = * cheers, jerry ====================================================================I live in a Reply-to-All world ----------------------- Samba ------- http://www.samba.org Centeris ----------- http://www.centeris.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD+dehIR7qMdg1EfYRAtLUAKCxry6gojrjKu3jOy7V9+RJMp7QagCgmJS7 RVP74EV+b313nvwpQEAYHiU=XLZh -----END PGP SIGNATURE-----
For the user profile.... If he were to use a different path say /etc/samba/%U ... Then the user would no longer have root access to the machine right? Does the config below allow root access because it is an include and could possibly execute code, this along with the fact the user can look at and (maybe) even edit the include file? Many thanks, MJ Barber -----Original Message----- From: samba-bounces+mjbarber=hearst.com@lists.samba.org [mailto:samba-bounces+mjbarber=hearst.com@lists.samba.org] On Behalf Of Gerald (Jerry) Carter Sent: Monday, February 20, 2006 9:52 AM To: petermatulis@yahoo.ca Cc: samba@lists.samba.org Subject: Re: [Samba] 3 simple questions -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Peter wrote:> Hi. I am running 3.0.20. > > 1. I would like to have an include statement pointing to user > configurations. For a user, say 'mike', the following works: > > include = /home/mike/smb.conf > > But this does not: > > include = /home/%u/smb.confThis is a really bad idea btw. You are allowing your users to easily gain root access to teh server. But if you really want don't mind this, try: include = /home/%U/smb.conf> 2. I have disabled printing using: > > disable spoolss = yes > > My logs are filling up with messages (every 30 minutes): > > printing/print_cups.c:cups_cache_reload(85) > Unable to connect to CUPS server localhost - Connection refused[global] printing = bsd printcap name = /dev/null> 3. Is there any way to have a truly anonymous connection?- ------- smb.conf ---------------------- [global] security = user map to guest = bad user username map = /etc/samba/smbusers guest ok = yes guest account = nobody - ------- smbusers file --- !foo = * cheers, jerry ====================================================================I live in a Reply-to-All world ----------------------- Samba ------- http://www.samba.org Centeris ----------- http://www.centeris.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD+dehIR7qMdg1EfYRAtLUAKCxry6gojrjKu3jOy7V9+RJMp7QagCgmJS7 RVP74EV+b313nvwpQEAYHiU=XLZh -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba ===========================================================This e-mail message is intended for the personal use of the recipient(s) named above. If you are not an intended recipient, you may not review, copy or distribute this message. If you have received this communication in error, please notify the Hearst Information Services HelpDesk (helpdesk@hearst.com) immediately by e-mail and delete the original message. ============================================================
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MJBarber@Hearst.com wrote:> For the user profile.... > > If he were to use a different path say /etc/samba/%U ... > Then the user would no longer have root access to the > machine right? > > Does the config below allow root access because it is > an include and could possibly execute code, this along with > the fact the user can look at and (maybe) even edit > the include file?if the user can write to the included file, the user can get root access. Viewing the file is no problem as smb.conf is generally world readable anyways. Jeremy is working on a per user share configuration that would allow a user to manipulate shares in their own home directory. That feature is slated for 3.0.22. cheers, jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD+ejsIR7qMdg1EfYRAhWUAKDzqX1w2fB3Fm2aVd25HLYtiBSliQCgzY+n yKwifMjU9H9jQ/m+aPBSrE8=DK0W -----END PGP SIGNATURE-----
--- "Gerald (Jerry) Carter" <jerry@samba.org> wrote:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 >[snip]> if the user can write to the included file, the user can > get root access.How? -- Peter __________________________________________________________ Find your next car at http://autos.yahoo.ca
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Peter wrote:> --- "Gerald (Jerry) Carter" <jerry@samba.org> wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> > > [snip] > >> if the user can write to the included file, the user can >> get root access. > > How?[myshare] path = / force user = root cheers, jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD+hEbIR7qMdg1EfYRAnSbAJ4nvyD+jsljP1kw7ycj8IizjKqq9QCgnHcA Vte0aybwH7b8Wgef3n/DnoM=Fby4 -----END PGP SIGNATURE-----