From 972336ebecd8690ea26830e08770507f5849311b Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 4 Oct 2002 18:18:45 +0000 Subject: Convert even more text docs (This used to be commit cde5cd455ca48fde7eeb7cea84b061ef3be58e23) --- docs/docbook/faq/clientapp.sgml | 16 ++++++ docs/docbook/faq/errors.sgml | 77 ++++++++++++++++++++++++++++ docs/faq/clientapp.html | 38 ++++++++++++++ docs/faq/errors.html | 80 +++++++++++++++++++++++++++-- docs/faq/samba-faq.html | 42 +++++++++++---- docs/textdocs/HINTS.txt | 111 ---------------------------------------- docs/textdocs/UNIX_SECURITY.txt | 54 ------------------- 7 files changed, 239 insertions(+), 179 deletions(-) delete mode 100644 docs/textdocs/HINTS.txt delete mode 100644 docs/textdocs/UNIX_SECURITY.txt (limited to 'docs') diff --git a/docs/docbook/faq/clientapp.sgml b/docs/docbook/faq/clientapp.sgml index 2077b230ce..6d687bf772 100644 --- a/docs/docbook/faq/clientapp.sgml +++ b/docs/docbook/faq/clientapp.sgml @@ -81,5 +81,21 @@ workstation as follows: \\"Server_Name"\MSOP95\msoffice\setup + + + +Microsoft Access database opening errors + + +Here are some notes on running MS-Access on a Samba drive from Stefan Kjellberg + + + +Opening a database in 'exclusive' mode does NOT work. Samba ignores r/w/share modes on file open. +Make sure that you open the database as 'shared' and to 'lock modified records' +Of course locking must be enabled for the particular share (smb.conf) + + + diff --git a/docs/docbook/faq/errors.sgml b/docs/docbook/faq/errors.sgml index 53e4d01e20..0a40011fbb 100644 --- a/docs/docbook/faq/errors.sgml +++ b/docs/docbook/faq/errors.sgml @@ -82,4 +82,81 @@ SMB servers. + +The data on the CD-Drive I've shared seems to be corrupted! + + +Some OSes (notably Linux) default to auto detection of file type on +cdroms and do cr/lf translation. This is a very bad idea when use with +Samba. It causes all sorts of stuff ups. + + + +To overcome this problem use conv=binary when mounting the cdrom +before exporting it with Samba. + + + + + +Why can users access home directories of other users? + + + +We are unable to keep individual users from mapping to any other user's +home directory once they have supplied a valid password! They only need +to enter their own password. I have not found *any* method that I can +use to configure samba to enforce that only a user may map their own +home directory. + + + + +User xyzzy can map his home directory. Once mapped user xyzzy can also map +*anyone* elses home directory! + + + +This is not a security flaw, it is by design. Samba allows +users to have *exactly* the same access to the UNIX filesystem +as they would if they were logged onto the UNIX box, except +that it only allows such views onto the file system as are +allowed by the defined shares. + + + +This means that if your UNIX home directories are set up +such that one user can happily cd into another users +directory and do an ls, the UNIX security solution is to +change the UNIX file permissions on the users home directories +such that the cd and ls would be denied. + + + +Samba tries very hard not to second guess the UNIX administrators +security policies, and trusts the UNIX admin to set +the policies and permissions he or she desires. + + + +Samba does allow the setup you require when you have set the +"only user = yes" option on the share, is that you have not set the +valid users list for the share. + + + +Note that only user works in conjunction with the users= list, +so to get the behavior you require, add the line : + +users = %S + +this is equivalent to: + +valid users = %S + +to the definition of the [homes] share, as recommended in +the smb.conf man page. + + + diff --git a/docs/faq/clientapp.html b/docs/faq/clientapp.html index fd120f90cd..3196fd285e 100644 --- a/docs/faq/clientapp.html +++ b/docs/faq/clientapp.html @@ -155,6 +155,44 @@ CLASS="COMMAND" >

3.3. Microsoft Access database opening errors

Here are some notes on running MS-Access on a Samba drive from Stefan Kjellberg

Opening a database in 'exclusive' mode does NOT work. Samba ignores r/w/share modes on file open.
Make sure that you open the database as 'shared' and to 'lock modified records'
Of course locking must be enabled for the particular share (smb.conf)

4.1. Not listening for calling name

4.2. System Error 1240

4.3. smbclient ignores -N !

4.4. The data on the CD-Drive I've shared seems to be corrupted!

Some OSes (notably Linux) default to auto detection of file type on +cdroms and do cr/lf translation. This is a very bad idea when use with +Samba. It causes all sorts of stuff ups.

To overcome this problem use conv=binary when mounting the cdrom +before exporting it with Samba.

4.5. Why can users access home directories of other users?

"We are unable to keep individual users from mapping to any other user's +home directory once they have supplied a valid password! They only need +to enter their own password. I have not found *any* method that I can +use to configure samba to enforce that only a user may map their own +home directory."

"User xyzzy can map his home directory. Once mapped user xyzzy can also map +*anyone* elses home directory!"

This is not a security flaw, it is by design. Samba allows +users to have *exactly* the same access to the UNIX filesystem +as they would if they were logged onto the UNIX box, except +that it only allows such views onto the file system as are +allowed by the defined shares.

This means that if your UNIX home directories are set up +such that one user can happily cd into another users +directory and do an ls, the UNIX security solution is to +change the UNIX file permissions on the users home directories +such that the cd and ls would be denied.

Samba tries very hard not to second guess the UNIX administrators +security policies, and trusts the UNIX admin to set +the policies and permissions he or she desires.

Samba does allow the setup you require when you have set the +"only user = yes" option on the share, is that you have not set the +valid users list for the share.

Note that only user works in conjunction with the users= list, +so to get the behavior you require, add the line : +

users = %S
+this is equivalent to: +
valid users = %S
+to the definition of the [homes] share, as recommended in +the smb.conf man page.

How to use a Samba share as an administrative share for MS Office, etc.
3.3. Microsoft Access database opening errors
4.1. Not listening for calling name
4.2. System Error 1240
4.3. smbclient ignores -N !
4.4. The data on the CD-Drive I've shared seems to be corrupted!
4.5. Why can users access home directories of other users?
5.1. How can I prevent my samba server from being used to distribute the Nimda worm?
5.2. How can I use samba as a fax server?
5.2.1. Tools for printing faxes
5.2.2. Making the fax-server
5.2.3. Installing the client drivers
5.2.4. Example smb.conf
5.3. Samba doesn't work well together with DHCP!
5.4. How can I assign NetBIOS names to clients with DHCP?
5.5. How do I convert between unix and dos text formats?
- -1. Opening a database in 'exclusive' mode does NOT work. Samba ignores - r/w/share modes on file open. - -2. Make sure that you open the database as 'shared' and to 'lock modified - records' - -3. Of course locking must be enabled for the particular share (smb.conf) diff --git a/docs/textdocs/UNIX_SECURITY.txt b/docs/textdocs/UNIX_SECURITY.txt deleted file mode 100644 index 38705f018a..0000000000 --- a/docs/textdocs/UNIX_SECURITY.txt +++ /dev/null @@ -1,54 +0,0 @@ -Contributor: John H Terpstra -Date: July 5, 1998 -Status: Current - -Subject: SETTING UNIX FILE SYSTEM SECURITY -=============================================================================== -The following excerpt from a bug report demonstrates the need to -understand Unix file system security and to manage it correctly. - -Quote: -====== -> We are unable to keep individual users from mapping to any other user's -> home directory once they have supplied a valid password! They only need -> to enter their own password. I have not found *any* method that I can -> use to configure samba to enforce that only a user may map their own -> home directory. -> -> User xyzzy can map his home directory. Once mapped user xyzzy can also map -> *anyone* elses home directory! - -ANSWER: -======= -This is not a security flaw, it is by design. Samba allows -users to have *exactly* the same access to the UNIX filesystem -as they would if they were logged onto the UNIX box, except -that it only allows such views onto the file system as are -allowed by the defined shares. - -This means that if your UNIX home directories are set up -such that one user can happily cd into another users -directory and do an ls, the UNIX security solution is to -change the UNIX file permissions on the users home directories -such that the cd and ls would be denied. - -Samba tries very hard not to second guess the UNIX administrators -security policies, and trusts the UNIX admin to set -the policies and permissions he or she desires. - -Samba does allow the setup you require when you have set the -"only user = yes" option on the share, is that you have not set the -valid users list for the share. - -Note that only user works in conjunction with the users= list, -so to get the behavior you require, add the line : - -users = %S - -this is equivalent to: - -valid users = %S - -to the definition of the [homes] share, as recommended in -the smb.conf man page. - -- cgit