Re: [Samba] Revisit - Re: Default Hidden Disk Shares
On 10/21/2010 12:42 AM, Jeremy Allison wrote: On Wed, Oct 20, 2010 at 10:29:41PM -0400, Robert Moskowitz wrote: I want admin to be able to access other user data to clean up any messes they have. Kind of standard here at home with my kids getting into challenges and asking for help. Or they did an assignment from the wrong login, and now I have to move it around. More my wife tends to just use my login and access her files. Well I will have to skin this cat another way. Most likely set up some symlinks and ID groups. Look into the admin user parameter. Anyone coming in as that user is mapped to root, with full priviliges. Just create an admin user, set admin user = admin in the [global] section and don't tell anyone else the password :-). oow That is valuable. And risky. I think I will try it! And I ASSuME that admin user = admin1, admin2 works as well? Did a quick google search and did not find anything on this (sometimes I have to fix things from my wife's login; she is in the middle of something and needs a bit of help...). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Revisit - Re: Default Hidden Disk Shares
On Thu, Oct 21, 2010 at 11:05:57AM -0400, Robert Moskowitz wrote: On 10/21/2010 12:42 AM, Jeremy Allison wrote: On Wed, Oct 20, 2010 at 10:29:41PM -0400, Robert Moskowitz wrote: I want admin to be able to access other user data to clean up any messes they have. Kind of standard here at home with my kids getting into challenges and asking for help. Or they did an assignment from the wrong login, and now I have to move it around. More my wife tends to just use my login and access her files. Well I will have to skin this cat another way. Most likely set up some symlinks and ID groups. Look into the admin user parameter. Anyone coming in as that user is mapped to root, with full priviliges. Just create an admin user, set admin user = admin in the [global] section and don't tell anyone else the password :-). oow That is valuable. And risky. I think I will try it! And I ASSuME that admin user = admin1, admin2 works as well? Did a quick google search and did not find anything on this (sometimes I have to fix things from my wife's login; she is in the middle of something and needs a bit of help...). Yes, admin user is a list parameter. Anyone on that list == root. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Revisit - Re: Default Hidden Disk Shares
Not to flog a dead horse I am building a replacement for my old NT server at home (been running undisturbed since '95) using the amahi.org distro, and turning on the advanced settings for PDC support. I have done a few things with the Amahi developers and have made mods to the DNS and DHCP setup script to suit my needs. Now for tackling the Samba stuff before configuring all new workstations as well (upgrading from W2K wrkstations to XP pro woo!). I am not so interested in C$ to access the whole drive, but to access all the user shares. So I was thinking about something like: [C$] comment = CC path = /home writeable = yes browseable = no valid users = admin1, admin2 write list = admin1, admin2 create mask = 0775 force create mode = 0664 directory mask = 0775 force directory mode = 0775 [D$] comment = DD path = /var/hda/files writeable = yes browseable = no valid users = admin1, admin2 write list = admin1, admin2 create mask = 0775 force create mode = 0664 directory mask = 0775 force directory mode = 0775 Of course, the Amahi front end won't let me name a share with a $ in it (or at least ending in one), and I am having to edit the smb.conf file to get this setup. Understanding that only Windows clients 'hide' $ shares, and given my goal of being able to view all shares from a couple shares, does this seem the way to go? On 07/05/2010 02:04 PM, Robert LeBlanc wrote: The Windows client will hide any share that ends with a '$' whether or not it is an administrator share, it's doesn't know or care. In this case there is no difference between hidden and normal because to Windows they are both hidden. Give it a try sometime. If you hit the server with a Mac client, it shows all the shares (at least it used to, I haven't tried in a long time), even the c$, d$, etc. I think the Linux SMB clients also do the same. So to rely on 'server' to 'hide' these shares, is a very false sense of security. It's the actual client that does the hiding from normal users. Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University On Mon, Jul 5, 2010 at 2:43 AM, Atkinson, Robertratkin...@tbs-ltd.co.ukwrote: Robert, the discussion was around the hidden ‘$’ shares, not normal ones. Rob. *From:* Robert LeBlanc [mailto:rob...@leblancnet.us] *Sent:* 02 July 2010 19:15 *To:* Atkinson, Robert *Cc:* Jeremy Allison; samba@lists.samba.org *Subject:* Re: [Samba] Default Hidden Disk Shares On Fri, Jul 2, 2010 at 2:05 AM, Atkinson, Robertratkin...@tbs-ltd.co.uk wrote: Interesting to see you say it's dangerous. The way the Windows version works is that you have to be part of the Administrator group to be able to see them, which I would have thought secure enough? This is not true, the share is advertised to anyone who asks. The Windows client only hides shares that end with a '$'. By default Windows gives access only to administrators (by default), but they are by no means hidden. Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University *** Any opinions expressed in email are those of the individual and not necessarily those of the company. This email and any files transmitted with it are confidential and solely for the use of the intended recipient or entity to whom they are addressed. It may contain material protected by attorney-client privilege. If you are not the intended recipient, or a person responsible for delivering to the intended recipient, be advised that you have received this email in error and that any use is strictly prohibited. Random House Group + 44 (0) 20 7840 8400 http://www.randomhouse.co.uk http://www.booksattransworld.co.uk http://www.kidsatrandomhouse.co.uk Generic email address - enquir...@randomhouse.co.uk Name Registered Office: THE RANDOM HOUSE GROUP LIMITED 20 VAUXHALL BRIDGE ROAD LONDON SW1V 2SA Random House Group Ltd is registered in the United Kingdom with company No. 00954009, VAT number 102838980 *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Revisit - Re: Default Hidden Disk Shares
On 10/20/2010 03:37 PM, Robert Moskowitz wrote: Not to flog a dead horse I am building a replacement for my old NT server at home (been running undisturbed since '95) using the amahi.org distro, and turning on the advanced settings for PDC support. I have done a few things with the Amahi developers and have made mods to the DNS and DHCP setup script to suit my needs. Now for tackling the Samba stuff before configuring all new workstations as well (upgrading from W2K wrkstations to XP pro woo!). I am not so interested in C$ to access the whole drive, but to access all the user shares. So I was thinking about something like: [C$] comment = CC path = /home writeable = yes browseable = no valid users = admin1, admin2 write list = admin1, admin2 create mask = 0775 force create mode = 0664 directory mask = 0775 force directory mode = 0775 Well, perhaps the masks are wrong because I see all of /home, but admin1 only can access /home/admin1 All the other directories gets access denied. So what would be the proper masks? [D$] comment = DD path = /var/hda/files writeable = yes browseable = no valid users = admin1, admin2 write list = admin1, admin2 create mask = 0775 force create mode = 0664 directory mask = 0775 force directory mode = 0775 Of course, the Amahi front end won't let me name a share with a $ in it (or at least ending in one), and I am having to edit the smb.conf file to get this setup. Understanding that only Windows clients 'hide' $ shares, and given my goal of being able to view all shares from a couple shares, does this seem the way to go? On 07/05/2010 02:04 PM, Robert LeBlanc wrote: The Windows client will hide any share that ends with a '$' whether or not it is an administrator share, it's doesn't know or care. In this case there is no difference between hidden and normal because to Windows they are both hidden. Give it a try sometime. If you hit the server with a Mac client, it shows all the shares (at least it used to, I haven't tried in a long time), even the c$, d$, etc. I think the Linux SMB clients also do the same. So to rely on 'server' to 'hide' these shares, is a very false sense of security. It's the actual client that does the hiding from normal users. Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University On Mon, Jul 5, 2010 at 2:43 AM, Atkinson, Robertratkin...@tbs-ltd.co.ukwrote: Robert, the discussion was around the hidden ‘$’ shares, not normal ones. Rob. *From:* Robert LeBlanc [mailto:rob...@leblancnet.us] *Sent:* 02 July 2010 19:15 *To:* Atkinson, Robert *Cc:* Jeremy Allison; samba@lists.samba.org *Subject:* Re: [Samba] Default Hidden Disk Shares On Fri, Jul 2, 2010 at 2:05 AM, Atkinson, Robertratkin...@tbs-ltd.co.uk wrote: Interesting to see you say it's dangerous. The way the Windows version works is that you have to be part of the Administrator group to be able to see them, which I would have thought secure enough? This is not true, the share is advertised to anyone who asks. The Windows client only hides shares that end with a '$'. By default Windows gives access only to administrators (by default), but they are by no means hidden. Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University *** Any opinions expressed in email are those of the individual and not necessarily those of the company. This email and any files transmitted with it are confidential and solely for the use of the intended recipient or entity to whom they are addressed. It may contain material protected by attorney-client privilege. If you are not the intended recipient, or a person responsible for delivering to the intended recipient, be advised that you have received this email in error and that any use is strictly prohibited. Random House Group + 44 (0) 20 7840 8400 http://www.randomhouse.co.uk http://www.booksattransworld.co.uk http://www.kidsatrandomhouse.co.uk Generic email address - enquir...@randomhouse.co.uk Name Registered Office: THE RANDOM HOUSE GROUP LIMITED 20 VAUXHALL BRIDGE ROAD LONDON SW1V 2SA Random House Group Ltd is registered in the United Kingdom with company No. 00954009, VAT number 102838980 *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Revisit - Re: Default Hidden Disk Shares
On Wed, Oct 20, 2010 at 09:31:39PM -0400, Robert Moskowitz wrote: On 10/20/2010 03:37 PM, Robert Moskowitz wrote: Not to flog a dead horse I am building a replacement for my old NT server at home (been running undisturbed since '95) using the amahi.org distro, and turning on the advanced settings for PDC support. I have done a few things with the Amahi developers and have made mods to the DNS and DHCP setup script to suit my needs. Now for tackling the Samba stuff before configuring all new workstations as well (upgrading from W2K wrkstations to XP pro woo!). I am not so interested in C$ to access the whole drive, but to access all the user shares. So I was thinking about something like: [C$] comment = CC path = /home writeable = yes browseable = no valid users = admin1, admin2 write list = admin1, admin2 create mask = 0775 force create mode = 0664 directory mask = 0775 force directory mode = 0775 Well, perhaps the masks are wrong because I see all of /home, but admin1 only can access /home/admin1 All the other directories gets access denied. So what would be the proper masks? The masks aren't what is denying you access, they specify the permissions created files/directories get. Remember Samba is looking at the UNIX permissions on the disk. admin1 probably only has access to /home/admin1 and no access to any other directory under /home. That's why you see what you see. I'm not clear on what exactly you're trying to do here ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Revisit - Re: Default Hidden Disk Shares
On 10/20/2010 09:35 PM, Jeremy Allison wrote: On Wed, Oct 20, 2010 at 09:31:39PM -0400, Robert Moskowitz wrote: On 10/20/2010 03:37 PM, Robert Moskowitz wrote: Not to flog a dead horse I am building a replacement for my old NT server at home (been running undisturbed since '95) using the amahi.org distro, and turning on the advanced settings for PDC support. I have done a few things with the Amahi developers and have made mods to the DNS and DHCP setup script to suit my needs. Now for tackling the Samba stuff before configuring all new workstations as well (upgrading from W2K wrkstations to XP pro woo!). I am not so interested in C$ to access the whole drive, but to access all the user shares. So I was thinking about something like: [C$] comment = CC path = /home writeable = yes browseable = no valid users = admin1, admin2 write list = admin1, admin2 create mask = 0775 force create mode = 0664 directory mask = 0775 force directory mode = 0775 Well, perhaps the masks are wrong because I see all of /home, but admin1 only can access /home/admin1 All the other directories gets access denied. So what would be the proper masks? The masks aren't what is denying you access, they specify the permissions created files/directories get. Remember Samba is looking at the UNIX permissions on the disk. admin1 probably only has access to /home/admin1 and no access to any other directory under /home. That's why you see what you see. oh well... I'm not clear on what exactly you're trying to do here ? I want admin to be able to access other user data to clean up any messes they have. Kind of standard here at home with my kids getting into challenges and asking for help. Or they did an assignment from the wrong login, and now I have to move it around. More my wife tends to just use my login and access her files. Well I will have to skin this cat another way. Most likely set up some symlinks and ID groups. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Revisit - Re: Default Hidden Disk Shares
On Wed, Oct 20, 2010 at 10:29:41PM -0400, Robert Moskowitz wrote: I want admin to be able to access other user data to clean up any messes they have. Kind of standard here at home with my kids getting into challenges and asking for help. Or they did an assignment from the wrong login, and now I have to move it around. More my wife tends to just use my login and access her files. Well I will have to skin this cat another way. Most likely set up some symlinks and ID groups. Look into the admin user parameter. Anyone coming in as that user is mapped to root, with full priviliges. Just create an admin user, set admin user = admin in the [global] section and don't tell anyone else the password :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
