On Fri, 26 Sep 2003, Petty, Robert wrote: > The problem I have with this, using 2.2.8a on Solaris is any user can open > any other's home if they simply know the name of the other user. logging in > as rpetty, I can open NOBODY, ROOT, UUCP etc. I have to be able to limit > the ability. What perplexes me is that even when I am not sharing [homes], > I can still open the "NOBODY" share. Since nobody's home directory was "/" > it would open the root directory! In case it matters, I am using Winbind > for my security model (security = domain) but am having considerable issues > with querying trusted domains. Winbind is being very painful with 7-9 > second connection times for each share or files within shares. This only > happens when the Winbind timeout time lapses so I've bumped it up to 300 > seconds. Not _as_ painful but still too painful for production.
Directory access is limited by file system access controls. Samba honors these. Why is 'nobody' home set at '/' - why not '/tmp' or some other inocuous path? Have you files a bug report? https://bugzilla.samba.org - John T. > > > -----Original Message----- > > From: John H Terpstra [mailto:[EMAIL PROTECTED] > > Sent: Friday, September 26, 2003 10:05 AM > > To: Chris Smith > > Cc: [EMAIL PROTECTED] > > Subject: Re: [Samba] valid users = %S in rc4 > > > > > > Guys, > > > > The homes share should be set to be "browsable = No". > > Do NOT set the "valid users = %S" on the homes share. > > > > - John T. > > > > > > On Fri, 26 Sep 2003, Chris Smith wrote: > > > > > On Friday 26 September 2003 10:26, Derek T. Yarnell wrote: > > > > I see this problem too. I thought that I was going crazy. > > > > > > > > On Fri, Sep 26, 2003 at 10:14:36AM -0400, Chris Smith wrote: > > > > > On Friday 26 September 2003 00:15, Hannu Tikka wrote: > > > > > > After upgrading rc2 -> rc4 (suse binary packages) > > > > > > > > > > > > line 'valid users = %S' in [homes] section prevents > > user getting to his > > > > > > homedirectory > > > > > > > > > > Same change occured here when upgrading from 2.2.7a to > > the 3.0.0 release. > > > > > > Not only that but here I also see the homes share exposed > > twice in browse > > > lists, both as "homes" and also as the usersname with both > > shares being the > > > users home directory for that user. This is also different > > from previous > > > versions. > > > > > > Chris > > > > > > > -- > > John H Terpstra > > Email: [EMAIL PROTECTED] > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba > > > -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
