Public bug reported:
The reserved system user "nobody" should never be the owner of files.
This ensures that an access granted with the least privileged "nobody"
user will never be able to access or even corrupt files on the system.
The "nobody" user may not even be suited for granting public read
access, if it is intended to just run unprivileged local deamons.
Samba however creates files as the "nobody" user when samba guests are
allowed to create files (e.g. a public share).
Expected:
Samba gets configured to use an appropriate user id for guests that are able to
create files. This may be a samba specific user, e.g. "guest user = smbguest"
to show the origin of the file, together with "guest group = users (to which
all local users should belong, bug #253103)". The latter enables all system
users to access/modify/delete the files of smbguest also directly on the
filesystem (without going through samba shares that may have been enabled only
temporarily).
** Affects: samba (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
-
- The reserved system user "nobody" should never be the owner of files. This
ensures that the least privileged "nobody" user will never be able to access or
even corrupt files. This user may not even be suited for granting public read
access, if it is intended to just run unprivileged local deamons.
+ The reserved system user "nobody" should never be the owner of files.
+ This ensures that an access granted with the least privileged "nobody"
+ user will never be able to access or even corrupt files on the system.
+ The "nobody" user may not even be suited for granting public read
+ access, if it is intended to just run unprivileged local deamons.
Samba however creates files as the "nobody" user when samba guests are
allowed to create files (e.g. a public share).
Expected:
Samba gets configured to use an appropriate user id for guests that are able
to create files. This may be a samba specific user, e.g. "guest user =
smbguest" to show the origin of the file, together with "guest group = users
(to which all local users should belong, bug #253103)". The latter enables all
system users to access/modify/delete the files of smbguest also directly on the
filesystem.
** Description changed:
The reserved system user "nobody" should never be the owner of files.
This ensures that an access granted with the least privileged "nobody"
user will never be able to access or even corrupt files on the system.
The "nobody" user may not even be suited for granting public read
access, if it is intended to just run unprivileged local deamons.
Samba however creates files as the "nobody" user when samba guests are
allowed to create files (e.g. a public share).
Expected:
- Samba gets configured to use an appropriate user id for guests that are able
to create files. This may be a samba specific user, e.g. "guest user =
smbguest" to show the origin of the file, together with "guest group = users
(to which all local users should belong, bug #253103)". The latter enables all
system users to access/modify/delete the files of smbguest also directly on the
filesystem.
+ Samba gets configured to use an appropriate user id for guests that are able
to create files. This may be a samba specific user, e.g. "guest user =
smbguest" to show the origin of the file, together with "guest group = users
(to which all local users should belong, bug #253103)". The latter enables all
system users to access/modify/delete the files of smbguest also directly on the
filesystem (without going through samba shares that may have been enabled only
temporarily).
** Summary changed:
- samba maps guest user to reserved user "nobody"
+ samba maps guest users to reserved user "nobody"
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1099401
Title:
samba maps guest users to reserved user "nobody"
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1099401/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
