Bug#347304: samba: Should not add admin users to smbpasswd
On Tue, 2006-01-10 at 06:55 +0100, Christian Perrier wrote: All other system users will be allowed in, if they have a valid password when the smbpasswd is generated. I don't really see what's the need to have admin users like gdm, sshd, bin, daemon, sys, or identd (some of those are created by packages and are not default system users) allowed access through SMB. Granted, they don't have a valid password in most systems Indeed. Just as these accounts don't have a password in /etc/passwd, they should exist as disabled accounts in Samba. but it might be better off, just in case, to improve the postinst so that only local users (i.e. uid over FIRST_UID as defined in adduser.conf) are added to the smbpasswd file. That could be a debconf question if the user asked to automatically generate the smbpasswd file. Something like : Do you want to add the admin users to smbpasswd? (low priority defaulting to 'no') My own opinion: I agree with Javier on the main idea of the bug report. However, I don't think that the system users automatic addition deserves a debconf question. I really see no point in allowing system users to have a SMB account in a default setup (which is was the automatically ge)nerated smbpasswd file is). So I think we should keep it simple and just remove system users from the list. Be aware that adduser is not necessarily installed on all systems, so a backup value (1000 probably) for the lowest UID should probably be used. All users should be added to the database, if they are going to own files or otherwise be visible in any way from the windows world. This doesn't mean that they should have a valid login account (they should be disabled: double-check that). As we move more and more down the path of samba correctness, the issue of accounts that exist in unix but not in the Samba database becomes increasingly painful. Things work better if they are all there. Feel free to bring this up on samba-technical for a fuller discussion. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part
Bug#347304: samba: Should not add admin users to smbpasswd
On Tue, Jan 10, 2006 at 08:29:22PM +1100, Andrew Bartlett wrote: On Tue, 2006-01-10 at 06:55 +0100, Christian Perrier wrote: All other system users will be allowed in, if they have a valid password when the smbpasswd is generated. I don't really see what's the need to have admin users like gdm, sshd, bin, daemon, sys, or identd (some of those are created by packages and are not default system users) allowed access through SMB. Granted, they don't have a valid password in most systems Indeed. Just as these accounts don't have a password in /etc/passwd, they should exist as disabled accounts in Samba. but it might be better off, just in case, to improve the postinst so that only local users (i.e. uid over FIRST_UID as defined in adduser.conf) are added to the smbpasswd file. That could be a debconf question if the user asked to automatically generate the smbpasswd file. Something like : Do you want to add the admin users to smbpasswd? (low priority defaulting to 'no') My own opinion: I agree with Javier on the main idea of the bug report. However, I don't think that the system users automatic addition deserves a debconf question. I really see no point in allowing system users to have a SMB account in a default setup (which is was the automatically ge)nerated smbpasswd file is). So I think we should keep it simple and just remove system users from the list. Be aware that adduser is not necessarily installed on all systems, so a backup value (1000 probably) for the lowest UID should probably be used. All users should be added to the database, if they are going to own files or otherwise be visible in any way from the windows world. This doesn't mean that they should have a valid login account (they should be disabled: double-check that). # pdbedit -u man -w man:6:::[DU ]:LCT-: # IIRC, the '[D' indicates 'disabled'; and TTBOMK, that flag is being set upon import using pdbedit. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ signature.asc Description: Digital signature
Bug#347304: samba: Should not add admin users to smbpasswd
On Tue, 2006-01-10 at 00:14 +0100, Javier Fernández-Sanguino Peña wrote: Package: samba Version: 3.0.21a-1 Priority: wishlist Currently samba's postinst does this if the user says 'yes' to generate automatically the smbpasswd file: getent passwd | /usr/sbin/mksmbpasswd /etc/samba/smbpasswd pdbedit -i smbpasswd -e tdbsam rm /etc/samba/smbpasswd This means that *all* users, including regular users and system users are added in the smbpasswd file. The default smb.conf file has this: invalid users = root Which means that 'root' cannot log on to the system through SMB but since the PAM configuration for samba is the default: Actually, it means nothing of the sort. It is bogus, adds little for security and until recent work with privileges prevented administrators from joining machines to the domain. It simply means that after you have brute-forced the root password (with samba telling you yes/no to that stage), you can't connect to a share. I think it remains there as a historical relic. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part
Bug#347304: samba: Should not add admin users to smbpasswd
Package: samba Version: 3.0.21a-1 Priority: wishlist Currently samba's postinst does this if the user says 'yes' to generate automatically the smbpasswd file: getent passwd | /usr/sbin/mksmbpasswd /etc/samba/smbpasswd pdbedit -i smbpasswd -e tdbsam rm /etc/samba/smbpasswd This means that *all* users, including regular users and system users are added in the smbpasswd file. The default smb.conf file has this: invalid users = root Which means that 'root' cannot log on to the system through SMB but since the PAM configuration for samba is the default: @include common-auth @include common-account @include common-session All other system users will be allowed in, if they have a valid password when the smbpasswd is generated. I don't really see what's the need to have admin users like gdm, sshd, bin, daemon, sys, or identd (some of those are created by packages and are not default system users) allowed access through SMB. Granted, they don't have a valid password in most systems but it might be better off, just in case, to improve the postinst so that only local users (i.e. uid over FIRST_UID as defined in adduser.conf) are added to the smbpasswd file. That could be a debconf question if the user asked to automatically generate the smbpasswd file. Something like : Do you want to add the admin users to smbpasswd? (low priority defaulting to 'no') If this looks like a valid change I can go ahead and propose a patch. Regards Javier signature.asc Description: Digital signature
Bug#347304: samba: Should not add admin users to smbpasswd
All other system users will be allowed in, if they have a valid password when the smbpasswd is generated. I don't really see what's the need to have admin users like gdm, sshd, bin, daemon, sys, or identd (some of those are created by packages and are not default system users) allowed access through SMB. Granted, they don't have a valid password in most systems but it might be better off, just in case, to improve the postinst so that only local users (i.e. uid over FIRST_UID as defined in adduser.conf) are added to the smbpasswd file. That could be a debconf question if the user asked to automatically generate the smbpasswd file. Something like : Do you want to add the admin users to smbpasswd? (low priority defaulting to 'no') My own opinion: I agree with Javier on the main idea of the bug report. However, I don't think that the system users automatic addition deserves a debconf question. I really see no point in allowing system users to have a SMB account in a default setup (which is was the automatically ge)nerated smbpasswd file is). So I think we should keep it simple and just remove system users from the list. Be aware that adduser is not necessarily installed on all systems, so a backup value (1000 probably) for the lowest UID should probably be used. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
