Re: possible samba security problem

2005-01-29 Thread Ruben van der Leij
+++ Nick Boyce [29/01/05 02:56 +]: I think it should be okay to simply change the permissions on /var/run/samba/locking.tdb so only root can access it. There's no real need for ordinary users to use smbstatus anyway. IMHO. Have you actually *tried* that 'solution'? Perhaps smbstatus

Re: possible samba security problem

2005-01-28 Thread Nils Juergens
On Fri, 28.01.05, Thorsten Giese [EMAIL PROTECTED] wrote: Michael, I see now what you meant in your first post: hadn't looked at those files so far. But the situation is not very satisfactory for me. I think some things should not be seen by the user, and filenames are definitely a problem.

Re: possible samba security problem

2005-01-28 Thread Nick Boyce
On Fri, 28 Jan 2005 20:43:30 +0100, Nils Juergens wrote: On Fri, 28.01.05, Thorsten Giese [EMAIL PROTECTED] wrote: I think it is considered good practice not to have users on important systems in the first place, so maybe you should be thinking about how to get your users off of your server.

possible samba security problem

2005-01-27 Thread Thorsten Giese
Hello there. I just discovered that smbstatus can be run by a normal user. It gives sensible information about usernames and paths to files (locked files). I do not find this behaviour reasonable. Any comments? Suggestions how to fix this? Should I file a bug report? -- Best regards

Re: possible samba security problem

2005-01-27 Thread Michael Stone
On Thu, Jan 27, 2005 at 03:28:49PM +0100, Thorsten Giese wrote: I just discovered that smbstatus can be run by a normal user. It gives sensible information about usernames and paths to files (locked files). I do not find this behaviour reasonable. Any comments? Suggestions how to fix this?

Re: possible samba security problem

2005-01-27 Thread Thorsten Giese
On Thursday, 27 January 2005 15:56, Michael Stone wrote: I just discovered that smbstatus can be run by a normal user. It gives sensible information about usernames and paths to files (locked files). I do not find this behaviour reasonable. Any comments? Suggestions how to fix this?

Re: possible samba security problem

2005-01-27 Thread Daniel van Eeden
Use setfacl to set/remove rights to smbstatus. Example:
    chmod 700 /usr/bin/smbstatus
    setfacl -m u:adminuser:r-x /usr/bin/smbstatus
    setfacl -m u:baduser:--- /usr/bin/smbstatus
Use groups instead of users when possible. setfacl is part of the acl package. On Thu, 2005-01-27 at 15:28 +0100, Thorsten

Re: possible samba security problem

2005-01-27 Thread Michael Stone
On Thu, Jan 27, 2005 at 05:11:51PM +0100, Daniel van Eeden wrote: Use setfacl to set/remove rights to smbstatus. Example:
    chmod 700 /usr/bin/smbstatus
    setfacl -m u:adminuser:r-x /usr/bin/smbstatus
    setfacl -m u:baduser:--- /usr/bin/smbstatus
Use groups instead of users when possible. setfacl is part

Re: possible samba security problem

2005-01-27 Thread Thorsten Giese
On Thursday, 27 January 2005 21:06, Michael Stone wrote: /var/run/samba/locking.tdb There is plenty of information regarding filenames in this specific file, and there are of course many other files ;). I wonder if it would do any harm to samba, if that was not readable by others, if the