On 05/07/10 05:00 AM, Atkinson, Robert wrote:
Before I reply, please take my response in the light it's meant, which is
curious interest and intrigue. I'm not and don't want to drag this out into a
full blown dissemination of Windows security.
The 'admins' directive in the CONF file holds a list of Admin users, and
gives elevated privileges to those accounts. I'm at a loss to see how this
differs from also giving root visibility to the same users.
I see this one of two ways. Either there isn't enough faith in the SAMBA code
to feel that it's a robust secure system (I personally think it is), or
there's a paranoia amongst the community. Given the way Windows is constantly
hacked, this second observation may well be indirectly true.
My background is over 20 years administrating an OpenVMS system (THE most
secure O/S available). The reason I say this is because a single cluster
could (and does) have hundreds of visible volumes, that change frequently. To
continually reconfigure the CONF file although not impossible, would be
somewhat arduous.
As has already been stated, Samba doesn't allow for the automatic 'hidden'
presentation of these volumes. The product I was using (Pathworks) which
emulates a Windows NT member server did, and despite some of the posts, it is
a nice feature to have.
I'm happy to leave it there and work with what's available, or hear peoples
opinions on the above.
Thanks, Robert
(A Grateful OpenSource Developer and User)
You have to remember that Windows was never intended to be a
enterprise-level OS. It's been evolving but still has a lot of hard to
remove vestiges of it's desktop past. Some of them are hard to remove
and often date back to a time when MS-DOS ran on 64k machines.
The notion of automatically sharing files may have made some sense way
back when it was hard enough to get a PC network to even operate, but it
is a security hole that shouldn't exist. The problem, like many Windows
problems, is when a bug is old enough it becomes a feature.
No one should need access to the entire file system as a share. In all
my years looking after Windows servers, I certainly never did. Nor did I
ever hear anyone have a good reason for doing so. I'm not saying that
they don't exist, but if you really need to share a file system, Samba
doesn't stop you from doing it.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
