summaryrefslogtreecommitdiff
path: root/docs/docbook/projdoc/securing-samba.xml
diff options
context:
space:
mode:
Diffstat (limited to 'docs/docbook/projdoc/securing-samba.xml')
-rw-r--r--docs/docbook/projdoc/securing-samba.xml61
1 files changed, 61 insertions, 0 deletions
diff --git a/docs/docbook/projdoc/securing-samba.xml b/docs/docbook/projdoc/securing-samba.xml
index 1004260394..b137a05ec9 100644
--- a/docs/docbook/projdoc/securing-samba.xml
+++ b/docs/docbook/projdoc/securing-samba.xml
@@ -304,5 +304,66 @@ out to be a security problem request are totally convinced that the problem is w
</sect2>
+ <sect2>
+ <title>Why can users access home directories of other users?</title>
+
+ <para>
+ <quote>
+ We are unable to keep individual users from mapping to any other user's
+ home directory once they have supplied a valid password! They only need
+ to enter their own password. I have not found *any* method that I can
+ use to configure samba to enforce that only a user may map their own
+ home directory.
+ </quote>
+ </para>
+
+ <para><quote>
+ User xyzzy can map his home directory. Once mapped user xyzzy can also map
+ *anyone* elses home directory!
+ </quote></para>
+
+ <para>
+ This is not a security flaw, it is by design. Samba allows
+ users to have *exactly* the same access to the UNIX filesystem
+ as they would if they were logged onto the UNIX box, except
+ that it only allows such views onto the file system as are
+ allowed by the defined shares.
+ </para>
+
+ <para>
+ This means that if your UNIX home directories are set up
+ such that one user can happily cd into another users
+ directory and do an ls, the UNIX security solution is to
+ change the UNIX file permissions on the users home directories
+ such that the cd and ls would be denied.
+ </para>
+
+ <para>
+ Samba tries very hard not to second guess the UNIX administrators
+ security policies, and trusts the UNIX admin to set
+ the policies and permissions he or she desires.
+ </para>
+
+ <para>
+ Samba does allow the setup you require when you have set the
+ <parameter>only user = yes</parameter> option on the share, is that you have not set the
+ valid users list for the share.
+ </para>
+
+ <para>
+ Note that only user works in conjunction with the users= list,
+ so to get the behavior you require, add the line :
+ <programlisting>
+ users = %S
+ </programlisting>
+ this is equivalent to:
+ <programlisting>
+ valid users = %S
+ </programlisting>
+ to the definition of the <parameter>[homes]</parameter> share, as recommended in
+ the &smb.conf; man page.
+ </para>
+ </sect2>
+
</sect1>
</chapter>