No, I haven't filed a bug report... The key part of my message "was": "Since nobody's home directory was "/" it would open the root directory"

I have changed it since I immediately recognized it as a security issue. The initial response to "Why is 'nobody' home set at '/' - why not '/tmp' or" is that when you install a brand new version of Solaris 9, that's how Sun sets it. Ironically, applying jass didn't change it! Seems to me that jass missed a key issue. Anyhow, I'm heading off topic.

This will be interesting to see how the %S plays out since we essentially require it to enforce security for home directories....

Robert

> -----Original Message-----
> From: John H Terpstra [mailto:[EMAIL PROTECTED]
> Sent: Friday, September 26, 2003 10:18 AM
> To: Petty, Robert
> Cc: Chris Smith; [EMAIL PROTECTED]
> Subject: RE: [Samba] valid users = %S in rc4
>
>
> On Fri, 26 Sep 2003, Petty, Robert wrote:
>
> > The problem I have with this, using 2.2.8a on Solaris is any user can open
> > any other's home if they simply know the name of the other user. Logging in
> > as rpetty, I can open NOBODY, ROOT, UUCP etc. I have to be able to limit
> > the ability. What perplexes me is that even when I am not sharing [homes],
> > I can still open the "NOBODY" share. Since nobody's home directory was "/"
> > it would open the root directory! In case it matters, I am using Winbind
> > for my security model (security = domain) but am having considerable issues
> > with querying trusted domains. Winbind is being very painful with 7-9
> > second connection times for each share or files within shares. This only
> > happens when the Winbind timeout time lapses so I've bumped it up to 300
> > seconds. Not _as_ painful but still too painful for production.
>
> Directory access is limited by file system access controls. Samba honors
> these.
>
> Why is 'nobody' home set at '/' - why not '/tmp' or some other innocuous
> path?
>
> Have you filed a bug report? https://bugzilla.samba.org
>
> - John T.
> >
> > > -----Original Message-----
> > > From: John H Terpstra [mailto:[EMAIL PROTECTED]
> > > Sent: Friday, September 26, 2003 10:05 AM
> > > To: Chris Smith
> > > Cc: [EMAIL PROTECTED]
> > > Subject: Re: [Samba] valid users = %S in rc4
> > >
> > >
> > > Guys,
> > >
> > > The homes share should be set to be "browsable = No".
> > > Do NOT set the "valid users = %S" on the homes share.
> > >
> > > - John T.
> > >
> > >
> > > On Fri, 26 Sep 2003, Chris Smith wrote:
> > >
> > > > On Friday 26 September 2003 10:26, Derek T. Yarnell wrote:
> > > > > I see this problem too. I thought that I was going crazy.
> > > > >
> > > > > On Fri, Sep 26, 2003 at 10:14:36AM -0400, Chris Smith wrote:
> > > > > > On Friday 26 September 2003 00:15, Hannu Tikka wrote:
> > > > > > > After upgrading rc2 -> rc4 (suse binary packages)
> > > > > > >
> > > > > > > line 'valid users = %S' in [homes] section prevents user getting to his
> > > > > > > home directory
> > > > > >
> > > > > > Same change occurred here when upgrading from 2.2.7a to the 3.0.0 release.
> > > >
> > > > Not only that but here I also see the homes share exposed twice in browse
> > > > lists, both as "homes" and also as the user's name with both shares being the
> > > > user's home directory for that user. This is also different from previous
> > > > versions.
> > > >
> > > > Chris
> > > >
> > >
> > > --
> > > John H Terpstra
> > > Email: [EMAIL PROTECTED]
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions: http://lists.samba.org/mailman/listinfo/samba
> > >
> >
>
> --
> John H Terpstra
> Email: [EMAIL PROTECTED]
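
A check for the condition discussed in this thread, as an added example that is not part of the original messages: it parses passwd-format text and reports accounts whose home directory is "/" or another system directory, since a per-user home share for such an account (as with "nobody" above) would serve that directory. The sample passwd lines are constructed, and the `SENSITIVE_DIRS` list and the function names are assumptions.

```python
import posixpath

# Assumption: directories that must never be served as someone's home share.
SENSITIVE_DIRS = {"/", "/etc", "/usr", "/var", "/bin", "/sbin", "/dev", "/proc"}

# Constructed sample in passwd(5) format; not taken from the thread's host.
SAMPLE_PASSWD = """\
root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/usr/..:
sys:x:3:3::/etc/:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nobody:x:60001:60001:Nobody:/:
rpetty:x:1001:10:Robert:/export/home/rpetty:/bin/ksh
noaccess:x:60002:60002:No Access User::
# comment
truncated:x:100
"""


def parse_passwd(text):
    """Yield (name, home) for each well-formed seven-field passwd line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) == 7 and fields[0]:
            yield fields[0], fields[5]


def risky_homes(text, sensitive=SENSITIVE_DIRS):
    """Return {account: reason} for homes a per-user share would expose."""
    findings = {}
    for name, home in parse_passwd(text):
        if not home.startswith("/"):
            findings[name] = "home is empty or not an absolute path"
            continue
        # Collapse "..", "." and repeated or trailing slashes before comparing.
        norm = "/" + posixpath.normpath(home).lstrip("/")
        if norm == "/":
            findings[name] = "home resolves to the filesystem root"
        elif norm in sensitive:
            findings[name] = "home is the system directory " + norm
    return findings


if __name__ == "__main__":
    for account, reason in sorted(risky_homes(SAMPLE_PASSWD).items()):
        print(f"{account}: {reason}")
```

To audit a real host, pass the contents of `/etc/passwd` to `risky_homes()` in place of the sample.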