The problem I have with this, using 2.2.8a on Solaris is any user can open any other's home if they simply know the name of the other user. logging in as rpetty, I can open NOBODY, ROOT, UUCP etc. I have to be able to limit the ability. What perplexes me is that even when I am not sharing [homes], I can still open the "NOBODY" share. Since nobody's home directory was "/" it would open the root directory! In case it matters, I am using Winbind for my security model (security = domain) but am having considerable issues with querying trusted domains. Winbind is being very painful with 7-9 second connection times for each share or files within shares. This only happens when the Winbind timeout time lapses so I've bumped it up to 300 seconds. Not _as_ painful but still too painful for production.
> -----Original Message----- > From: John H Terpstra [mailto:[EMAIL PROTECTED] > Sent: Friday, September 26, 2003 10:05 AM > To: Chris Smith > Cc: [EMAIL PROTECTED] > Subject: Re: [Samba] valid users = %S in rc4 > > > Guys, > > The homes share should be set to be "browsable = No". > Do NOT set the "valid users = %S" on the homes share. > > - John T. > > > On Fri, 26 Sep 2003, Chris Smith wrote: > > > On Friday 26 September 2003 10:26, Derek T. Yarnell wrote: > > > I see this problem too. I thought that I was going crazy. > > > > > > On Fri, Sep 26, 2003 at 10:14:36AM -0400, Chris Smith wrote: > > > > On Friday 26 September 2003 00:15, Hannu Tikka wrote: > > > > > After upgrading rc2 -> rc4 (suse binary packages) > > > > > > > > > > line 'valid users = %S' in [homes] section prevents > user getting to his > > > > > homedirectory > > > > > > > > Same change occured here when upgrading from 2.2.7a to > the 3.0.0 release. > > > > Not only that but here I also see the homes share exposed > twice in browse > > lists, both as "homes" and also as the usersname with both > shares being the > > users home directory for that user. This is also different > from previous > > versions. > > > > Chris > > > > -- > John H Terpstra > Email: [EMAIL PROTECTED] > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba