diff options
Diffstat (limited to 'docs/docbook/projdoc/securing-samba.xml')
-rw-r--r-- | docs/docbook/projdoc/securing-samba.xml | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/docs/docbook/projdoc/securing-samba.xml b/docs/docbook/projdoc/securing-samba.xml index 1004260394..b137a05ec9 100644 --- a/docs/docbook/projdoc/securing-samba.xml +++ b/docs/docbook/projdoc/securing-samba.xml @@ -304,5 +304,66 @@ out to be a security problem request are totally convinced that the problem is w </sect2> + <sect2> + <title>Why can users access home directories of other users?</title> + + <para> + <quote> + We are unable to keep individual users from mapping to any other user's + home directory once they have supplied a valid password! They only need + to enter their own password. I have not found *any* method that I can + use to configure samba to enforce that only a user may map their own + home directory. + </quote> + </para> + + <para><quote> + User xyzzy can map his home directory. Once mapped user xyzzy can also map + *anyone* elses home directory! + </quote></para> + + <para> + This is not a security flaw, it is by design. Samba allows + users to have *exactly* the same access to the UNIX filesystem + as they would if they were logged onto the UNIX box, except + that it only allows such views onto the file system as are + allowed by the defined shares. + </para> + + <para> + This means that if your UNIX home directories are set up + such that one user can happily cd into another users + directory and do an ls, the UNIX security solution is to + change the UNIX file permissions on the users home directories + such that the cd and ls would be denied. + </para> + + <para> + Samba tries very hard not to second guess the UNIX administrators + security policies, and trusts the UNIX admin to set + the policies and permissions he or she desires. + </para> + + <para> + Samba does allow the setup you require when you have set the + <parameter>only user = yes</parameter> option on the share, is that you have not set the + valid users list for the share. + </para> + + <para> + Note that only user works in conjunction with the users= list, + so to get the behavior you require, add the line : + <programlisting> + users = %S + </programlisting> + this is equivalent to: + <programlisting> + valid users = %S + </programlisting> + to the definition of the <parameter>[homes]</parameter> share, as recommended in + the &smb.conf; man page. + </para> + </sect2> + </sect1> </chapter> |