diff options
| author | Jelmer Vernooij <jelmer@samba.org> | 2002-10-04 18:18:45 +0000 |
|---|---|---|
| committer | Jelmer Vernooij <jelmer@samba.org> | 2002-10-04 18:18:45 +0000 |
| commit | 972336ebecd8690ea26830e08770507f5849311b (patch) | |
| tree | 20be456e3cd471648899624bceb530db505e7f5b /docs/docbook/faq/errors.sgml | |
| parent | 7f58076bf7d723e2d65e642a4cdafa09bd9dc3f2 (diff) | |
| download | samba-972336ebecd8690ea26830e08770507f5849311b.tar.gz samba-972336ebecd8690ea26830e08770507f5849311b.tar.bz2 samba-972336ebecd8690ea26830e08770507f5849311b.zip | |
Convert even more text docs
(This used to be commit cde5cd455ca48fde7eeb7cea84b061ef3be58e23)
Diffstat (limited to 'docs/docbook/faq/errors.sgml')
| -rw-r--r-- | docs/docbook/faq/errors.sgml | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/docs/docbook/faq/errors.sgml b/docs/docbook/faq/errors.sgml index 53e4d01e20..0a40011fbb 100644 --- a/docs/docbook/faq/errors.sgml +++ b/docs/docbook/faq/errors.sgml @@ -82,4 +82,81 @@ SMB servers. </sect1> +<sect1> +<title>The data on the CD-Drive I've shared seems to be corrupted!</title> + +<para> +Some OSes (notably Linux) default to auto detection of file type on +cdroms and do cr/lf translation. This is a very bad idea when use with +Samba. It causes all sorts of stuff ups. +</para> + +<para> +To overcome this problem use conv=binary when mounting the cdrom +before exporting it with Samba. +</para> + +</sect1> + +<sect1> +<title>Why can users access home directories of other users?</title> + +<para> +<quote> +We are unable to keep individual users from mapping to any other user's +home directory once they have supplied a valid password! They only need +to enter their own password. I have not found *any* method that I can +use to configure samba to enforce that only a user may map their own +home directory. +</quote> +</para> + +<para><quote> +User xyzzy can map his home directory. Once mapped user xyzzy can also map +*anyone* elses home directory! +</quote></para> + +<para> +This is not a security flaw, it is by design. Samba allows +users to have *exactly* the same access to the UNIX filesystem +as they would if they were logged onto the UNIX box, except +that it only allows such views onto the file system as are +allowed by the defined shares. +</para> + +<para> +This means that if your UNIX home directories are set up +such that one user can happily cd into another users +directory and do an ls, the UNIX security solution is to +change the UNIX file permissions on the users home directories +such that the cd and ls would be denied. +</para> + +<para> +Samba tries very hard not to second guess the UNIX administrators +security policies, and trusts the UNIX admin to set +the policies and permissions he or she desires. +</para> + +<para> +Samba does allow the setup you require when you have set the +"only user = yes" option on the share, is that you have not set the +valid users list for the share. +</para> + +<para> +Note that only user works in conjunction with the users= list, +so to get the behavior you require, add the line : +<programlisting> +users = %S +</programlisting> +this is equivalent to: +<programlisting> +valid users = %S +</programlisting> +to the definition of the [homes] share, as recommended in +the smb.conf man page. +</para> + +</sect1> </chapter> |