Before I reply, please take my response in the light it's meant, which is curious interest and intrigue. I'm not and don't want to drag this out into a full blown dissemination of Windows security.
The 'admins' directive in the CONF file holds a list of Admin users, and gives elevated privileges to those accounts. I'm at a loss to see how this differs from also giving root visibility to the same users. I see this one of two ways. Either there isn't enough faith in the SAMBA code to feel that it's a robust secure system (I personally think it is), or there's a paranoia amongst the community. Given the way Windows is constantly hacked, this second observation may well be indirectly true. My background is over 20 years administrating an OpenVMS system (THE most secure O/S available). The reason I say this is because a single cluster could (and does) have hundreds of visible volumes, that change frequently. To continually reconfigure the CONF file although not impossible, would be somewhat arduous. As has already been stated, Samba doesn't allow for the automatic 'hidden' presentation of these volumes. The product I was using (Pathworks) which emulates a Windows NT member server did, and despite some of the posts, it is a nice feature to have. I'm happy to leave it there and work with what's available, or hear peoples opinions on the above. Thanks, Robert (A Grateful OpenSource Developer and User) -----Original Message----- From: Jeremy Allison [mailto:[email protected]] Sent: 02 July 2010 17:34 To: Atkinson, Robert Cc: Jeremy Allison; [email protected] Subject: Re: [Samba] Default Hidden Disk Shares On Fri, Jul 02, 2010 at 09:05:52AM +0100, Atkinson, Robert wrote: > Interesting to see you say it's dangerous. The way the Windows version works > is that you have to be part of the Administrator group to be able to see > them, which I would have thought secure enough? Sure, we could make it a root-only export. The problem is, if we have a security issue (and these have been known to happen from time to time), you've exported your entire filesystem out *without a way to turn it off*. That's the problem with doing it by default. > Who would I contact to request this as a feature enhancement? Just add the relevent share to your smb.conf files. Jeremy. *********************************************************************************** Any opinions expressed in email are those of the individual and not necessarily those of the company. This email and any files transmitted with it are confidential and solely for the use of the intended recipient or entity to whom they are addressed. It may contain material protected by attorney-client privilege. If you are not the intended recipient, or a person responsible for delivering to the intended recipient, be advised that you have received this email in error and that any use is strictly prohibited. Random House Group + 44 (0) 20 7840 8400 http://www.randomhouse.co.uk http://www.booksattransworld.co.uk http://www.kidsatrandomhouse.co.uk Generic email address - [email protected] Name & Registered Office: THE RANDOM HOUSE GROUP LIMITED 20 VAUXHALL BRIDGE ROAD LONDON SW1V 2SA Random House Group Ltd is registered in the United Kingdom with company No. 00954009, VAT number 102838980 *********************************************************************************** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
