diff options
| author | Gerald Carter <jerry@samba.org> | 2002-10-25 15:15:32 +0000 |
|---|---|---|
| committer | Gerald Carter <jerry@samba.org> | 2002-10-25 15:15:32 +0000 |
| commit | ad0e01e75059bedde6400529f1a5193ef9735e9b (patch) | |
| tree | 9d5dd6433ca7b564a7f29a44f4bed3168da35da3 /docs/textdocs/UNIX_SECURITY.txt | |
| parent | 48216962c4bd2ca71d1900d11d6f4d5e7de83b80 (diff) | |
| download | samba-ad0e01e75059bedde6400529f1a5193ef9735e9b.tar.gz samba-ad0e01e75059bedde6400529f1a5193ef9735e9b.tar.bz2 samba-ad0e01e75059bedde6400529f1a5193ef9735e9b.zip | |
sync from HEAD
(This used to be commit 2eb7f0acd761a11bb0f24010347247074c5ed49a)
Diffstat (limited to 'docs/textdocs/UNIX_SECURITY.txt')
| -rw-r--r-- | docs/textdocs/UNIX_SECURITY.txt | 54 |
1 files changed, 0 insertions, 54 deletions
diff --git a/docs/textdocs/UNIX_SECURITY.txt b/docs/textdocs/UNIX_SECURITY.txt deleted file mode 100644 index 38705f018a..0000000000 --- a/docs/textdocs/UNIX_SECURITY.txt +++ /dev/null @@ -1,54 +0,0 @@ -Contributor: John H Terpstra <jht@samba.org> -Date: July 5, 1998 -Status: Current - -Subject: SETTING UNIX FILE SYSTEM SECURITY -=============================================================================== -The following excerpt from a bug report demonstrates the need to -understand Unix file system security and to manage it correctly. - -Quote: -====== -> We are unable to keep individual users from mapping to any other user's -> home directory once they have supplied a valid password! They only need -> to enter their own password. I have not found *any* method that I can -> use to configure samba to enforce that only a user may map their own -> home directory. -> -> User xyzzy can map his home directory. Once mapped user xyzzy can also map -> *anyone* elses home directory! - -ANSWER: -======= -This is not a security flaw, it is by design. Samba allows -users to have *exactly* the same access to the UNIX filesystem -as they would if they were logged onto the UNIX box, except -that it only allows such views onto the file system as are -allowed by the defined shares. - -This means that if your UNIX home directories are set up -such that one user can happily cd into another users -directory and do an ls, the UNIX security solution is to -change the UNIX file permissions on the users home directories -such that the cd and ls would be denied. - -Samba tries very hard not to second guess the UNIX administrators -security policies, and trusts the UNIX admin to set -the policies and permissions he or she desires. - -Samba does allow the setup you require when you have set the -"only user = yes" option on the share, is that you have not set the -valid users list for the share. - -Note that only user works in conjunction with the users= list, -so to get the behavior you require, add the line : - -users = %S - -this is equivalent to: - -valid users = %S - -to the definition of the [homes] share, as recommended in -the smb.conf man page. - |