> Danke, das war's. > Aber: Waere es nicht besser, wenn fuer "nobody" gar nicht erst eine Share da > waere?
Das liegt am System, wie aus [homes] Shares werden. Ist in man smb.conf erkl�rt und im wesentlichen so, das wenn Du zu einer Share verbindest, zuerst geschaut wird, ob sie expliziet definiert ist. Und wenn nicht, ob sie sich aus den Benutzernamen in /etc/passwd generieren l��t. So kann jeder zu jedem Homverzeichnis verbinden. Also User1 auch zu \\server\User2, zu \\server\xfs, \\server\root, . Und nobody ist u.a. wg. browsing immer dabei, vgl. smbstatus ... Auch darum immer auf die richtigen Unix-Rechte achten. Valid Users = %S verhindert genau dieses Verhalten. Bin da selber drauf rein geflogen ;-) Christian > Thomas > > Thomas Klettke > [EMAIL PROTECTED] > Network Administrator > Aesbus Knowledge Solutions > 4606 FM1960 West, Suite 610 > Houston, TX 77069 > > phone: +1 (281) 587-2247 ext 111 > fax: +1 (281) 587-1593 > fax in Deutschland: (089) 2443 - 10378 > > "The instructions said to use Windows 98 or better, so I installed RedHat." > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On > Behalf Of Christian Barth > Sent: Thursday, April 25, 2002 11:03 AM > To: [EMAIL PROTECTED]; Thomas Klettke > Subject: Re: [Samba] "/" shows up as home directory for "nobody" - > available to any user > > > > Strange thing: > > After being logged on to samba-PDC (2.2.3a, LDAP) I see besides the user's > > home directory a home directory for user "nobody" - containing the root > file > > system of my samba server. > > The relevant parts in smb.conf looks like this: > > > > guest account = pcguest (if not set it defaults to "nobody" - this should > > turn it off) > > > > [homes] > > comment = Home Directories > > browseable = no > > writable = yes > > > > > > The entry in /etc/passwd for "nobody" is: > > nobody:x:99:99:Nobody:/:/sbin/nologin > > > > There is no entry for "nobody" in the LDAP database, not is there anywhere > > an account for "guest". > > > > > > Looks like this entry is the key - the "/" for the home dir. > > Since I really don't want everybody to have read access to everything on > my > > hard drive, can anyone point me to how I can fix this? > > I guess, I could change nobody's home dir to something else - but what > would > > that break? > > I'd rather find out why samba shares it out to begin with - is there a way > > to turn it off? > Add: > valid users = %S > # [homes] erzeugt shares der Art [<username>] > # Zu jeder share kann jeder user verbinden, auch zu den > # Systemaccounts !! > # obiger Eintrag verhindert das. > To the [homes] section in smb.conf. You may leave out the comment :-) > With this "valid users" only an authenticated nobody can access it's > home through samba. And with your /etc/passwd there will never be an > authenticated nobody. > > Christian > > _(_)_ wWWWw _ > @@@@ (_)@(_) vVVVv _ @@@@ (___) _(_)_ > @@()@@ wWWWw (_)\ (___) _(_)_ @@()@@ Y (_)@(_) > @@@@ (___) `|/ Y (_)@(_) @@@@ \|/ (_)\ > / Y \| \|/ /(_) \| |/ | > \ | \ |/ | / \ | / \|/ |/ \| \|/ > jgs|// \\|/// \\\|//\\\|/// \|/// \\\|// \\|// \\\|// > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > > > > _(_)_ wWWWw _ @@@@ (_)@(_) vVVVv _ @@@@ (___) _(_)_ @@()@@ wWWWw (_)\ (___) _(_)_ @@()@@ Y (_)@(_) @@@@ (___) `|/ Y (_)@(_) @@@@ \|/ (_)\ / Y \| \|/ /(_) \| |/ | \ | \ |/ | / \ | / \|/ |/ \| \|/ jgs|// \\|/// \\\|//\\\|/// \|/// \\\|// \\|// \\\|// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
