Stephen
2019-Apr-16 10:40 UTC
[Samba] The wisdom - or otherwise - of replacing outright rather than merely appending to the example smb.conf file shipped with SAMBA during new server commissioning?
I have a general question regarding smb.conf and I was hoping that some of the rather more knowledgeable and experienced people here could please comment please?

I am currently setting my various SAMBA systems up via some shell-scripts. Within these scripts, I remove the stock smb.conf shipped with Samba and replace this with an empty smb.conf file to which I add my own configuration options afterwards. Obviously I COULD instead simply append my changes to the existing file. However currently I just remove the existing smb.conf and start again with a blank file because the alternative seemed like more hassle!

Am I potentially risking the security of my systems by replacing the stock smb.conf shipped with Samba in this way? Obviously doing what I have just described will erase all the default configuration settings shipped in the installation.

Are any of the shipped default configuration parameters essential to have from a security perspective? Am I doing something stupid here?

Thanks
Stephen Ellwood
L.P.H. van Belle
2019-Apr-16 11:12 UTC
Hai,

There is nothing wrong with replacing the smb.conf files. So do your thing, just try to filter out the server type and its specific settings. For example, an AD-domain member smb.conf is NOT AD-DC compliant!

Greetz,
Louis
Rowland Penny
2019-Apr-16 11:16 UTC
On Tue, 16 Apr 2019 11:40:10 +0100 Stephen via samba <samba at lists.samba.org> wrote:

> I have a general question regarding smb.conf and I was hoping that
> some of the rather more knowledgeable and experienced people here
> could please comment please?
>
> I am currently setting my various SAMBA systems up via some
> shell-scripts. Within these scripts, I remove the stock smb.conf
> shipped with Samba and replace this with an empty smb.conf file to
> which I add my own configuration options afterwards. Obviously I
> COULD instead simply append my changes to the existing file. However
> currently I just remove the existing smb.conf and start again with a
> blank file because the alternative seemed like more hassle!

I take it you mean you are doing something like this:

    rm -f /etc/samba/smb.conf
    cat > /etc/samba/smb.conf <<EOF
    [global]
        whatever lines you want
        ............
        ...........
        ........

    [ashare]
        ...........
        .......
        ....
    EOF

There is no problem with doing this, unless you are doing this on a DC, in which case I would use 'sed' to add lines into the existing smb.conf.

> Am I potentially risking the security of my systems by replacing the
> stock smb.conf shipped with Samba in this way? Obviously doing what I
> have just described will erase all the default configuration settings
> shipped in the installation.

It won't actually, if a line isn't there, then a default setting may be used and it might not be what you want.

> Are any of the shipped default configuration parameters essential to
> have from a security perspective? Am I doing something stupid here?

Provided the required lines are in smb.conf before you start Samba, you will not have a problem, but if a line is missing, then the default setting will be used. For instance, if you do not enter a line that begins 'workgroup =', then the default workgroup name 'WORKGROUP' will be used.

Rowland
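The point made in the reply above, that any line missing from a freshly written smb.conf silently falls back to a built-in default, can be checked before Samba is started. The following is an added example, not part of the original thread or of Samba itself: the `REQUIRED_PARAMS` checklist, the function names and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list the parameters a generated smb.conf leaves to Samba's
# built-in defaults. REQUIRED_PARAMS is an assumed site checklist, one real
# smb.conf parameter per line; adjust it to the server type being built.
REQUIRED_PARAMS='workgroup
server role
security
map to guest
server min protocol'

# missing_globals FILE: print each checklist entry that [global] does not set
# explicitly. Returns 0 if none are missing, 1 if some are, 2 if unreadable.
missing_globals() {
    [ -r "$1" ] || return 2
    printf '%s\n' "$REQUIRED_PARAMS" | awk -v conf="$1" '
        # smb.conf ignores case and whitespace in section and parameter names
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        BEGIN {
            while ((getline line < conf) > 0) {
                sub(/^[ \t]+/, "", line)
                if (line == "" || line ~ /^[#;]/) continue   # blank or comment
                if (line ~ /^\[/) { sect = norm(line); continue }
                if (sect == "[global]" && (i = index(line, "=")) > 0)
                    seen[norm(substr(line, 1, i - 1))] = 1
            }
        }
        !(norm($0) in seen) { print; bad = 1 }
        END { exit bad }'
}

# Constructed sample: a file written from scratch, in the style of the
# heredoc shown in the reply. All values are made up for the demonstration.
demo() {
    tmp=$(mktemp) || return 2
    cat > "$tmp" <<'EOF'
[global]
    workgroup = EXAMPLE
    Server Role = standalone server
    ; map to guest = never   (commented out, so not set)
[ashare]
    path = /srv/ashare
    security = user
EOF
    rc=0
    missing_globals "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

demo || echo "(the parameters listed above are left to the built-in defaults)"
```

The sketch does not follow `include` lines or backslash line continuations; on a host with Samba installed, `testparm -s` on the generated file shows the configuration as Samba itself parses it.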
Stephen
2019-Apr-16 12:00 UTC
Thanks very much for your advice Rowland and Louis. Much appreciated.

Stephen