[Samba] Swat lets everybody into the "good stuff"

Tue, 06 Jun 2006 13:49:02 -0700 

OK, I'm a Samba Noob, so be gentle with me. ;-)
I've finally (mainly because I'm an idiot) gotten samba (Version 3.0.14a-Debian) working on a Debian Stable system (uname -a == Linux files 2.4.27-2-386 #1 Wed Aug 17 09:33:35 UTC 2005 i686 GNU/Linux ) and I have several userid's & shares built & working, however, no matter which user logs in to Swat (for personal password changing) they have access to *everything*, including diddling with the smb.conf file, which would be a *bad* thing. Otherwise, things seem to be fine other than that "small" security glitch. ;-) 


The users have their "own" group, and their shares are listed to be owned 
solely by them - here's a snippet for one user:


files:/etc/samba# grep missy /etc/passwd
missy:x:2006:2006:missy:/home/everyone/missy:/bin/false

files:/etc/samba# grep missy /etc/group
missy:x:2006:

I also have a few group entries like this:

companies:x:1009:josh,missy,marilyn

listing several people who should be in a group for a "group share"

and here's the respective entry for this user in smb.conf:

[missy]

comment = Missy's Directory
write list = missy
create mask = 0600
directory mask = 0700
browseable = yes
writable = yes
path = /home/everyone/missy/files

=-=-= and the group share also:

[Companies]
  comment = B2B Company Information
  browseable = yes
  write list = missy,marilyn,josh
  group = companies
  writable = yes
  create mask = 0660
  directory mask = 0770
  path=/home/groups/companies

=-=-=-=-=-=-=-=


I also haven't figured out how to be able to get the shares to be "visible" 
under Nutwork Neighborhood in Winders, but the users are [gasp!] fairly 
competent and getting them to mount the share via the IP address really 
shouldn't be much of a problem; therefore I'm not really worried about it. ;-)


I have the full smb.conf file available here:

http://www.30below.com/~zmerch/samba/smb.conf

I don't want to keep it there _forever_ but I'll leave it up for 7 days or so.


Yes, I've googled. Yes, I've scanned the last few months of the archives. 
No, I've not been able to figure this out - anyone out there have a 
clue-by-4 with my name on it? ;-)


Thanks!
Roger "Merch" Merchberger

--
Roger "Merch" Merchberger   | "Bugs of a feather flock together."
sysadmin, Iceberg Computers |           Russell Nelson
[EMAIL PROTECTED]          |

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba














    











					Reply via email to