Quoting Daniel Fernández ([EMAIL PROTECTED]):
> Well, at least we have the filesystem privileges to protect the
> sensitive data. But I don't like this bug, anyway.


Neither do we.

I think it's probably time to apply one of the patches used in Ubuntu:

--- smb.conf~   2007-01-31 06:01:20.973216065 +0100
+++ smb.conf    2007-02-11 10:48:13.463426021 +0100
@@ -223,6 +223,11 @@
 # create dirs. with group=rw permissions, set next parameter to 0775.
    directory mask = 0700

+# Restrict access to home directories
+# to the one of the authenticated user
+# This might need tweaking when using external authentication schemes
+   valid users = %S
+
 # Un-comment the following and create the netlogon directory for Domain Logons
 # (you need to configure Samba to act as a domain controller too.)
 ;[netlogon]
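
Review bot: The comment added above `valid users = %S` says the setting "might need tweaking when using external authentication schemes" but does not say what to change or why the restriction works. `%S` expands to the name of the current service, so the line only limits access to the owner in a section where the share name is the user name, and the hunk's context (`directory mask = 0700`) does not show which section that is. Suggest stating in the comment that the share name must match the authenticated user name, and that setups where the authenticated name carries a domain or other prefix need a different `valid users` value, so an administrator who hits a refused connection knows which line to adjust.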



With this, at least the default setup will not expose such valid
system users' home directories to others.

