Ubuntu
samba package

  1. Bug #10304
  2. Comment #3

Comment 3 for bug 10304

Revision history for this message
In , Steve Langasek (vorlon) wrote : Re: Bug#281345: can mount a non-shared directory

On Mon, Nov 15, 2004 at 11:16:06AM +0100, Uwe Zeisberger wrote:
> I don't have investigated much (yet), but see the following alarming
> transscript:

> root@cepheus:~# smbclient -L 127.0.0.1 -U zeisberg
> Password:
> Domain=[CEPHEUS] OS=[Unix] Server=[Samba 3.0.7-Debian]

> Sharename Type Comment
> --------- ---- -------
> IPC$ IPC IPC Service (cepheus)
> ADMIN$ IPC IPC Service (cepheus)
> zeisberg Disk Home Directories
> Domain=[CEPHEUS] OS=[Unix] Server=[Samba 3.0.7-Debian]
>
> Server Comment
> --------- -------
>
> Workgroup Master
> --------- -------
> MALIBU CEPHEUS

> root@cepheus:~# mountpoint /mnt
> /mnt is not a mountpoint

> root@cepheus:~# mount -t cifs //127.0.0.1/man /mnt -o user=zeisberg
> Password:

> root@cepheus:~# mountpoint /mnt
> /mnt is a mountpoint

> root@cepheus:~# mount | grep cifs
> //127.0.0.1/man on /mnt type cifs (rw,mand)

> root@cepheus:~# ls /mnt
> X11R6 cat2 cat4 cat6 cat8 fsstnd local
> cat1 cat3 cat5 cat7 cat9 index.db opt

> root@cepheus:~# touch /var/cache/man/isitthisdir

> root@cepheus:~# ls /mnt
> X11R6 cat2 cat4 cat6 cat8 fsstnd isitthisdir opt
> cat1 cat3 cat5 cat7 cat9 index.db local

> root@cepheus:~# rm /mnt/isitthisdir
> rm: cannot remove `/mnt/isitthisdir': Permission denied

> root@cepheus:~# egrep -v '^ *([#;].*)?$' /etc/samba/smb.conf
> [global]
> workgroup = malibu
> server string = %h
> wins support = no
> dns proxy = no
> log file = /var/log/samba/log.%m
> max log size = 1000
> syslog = 0
> panic action = /usr/share/samba/panic-action %d
> security = user
> encrypt passwords = true
> passdb backend = tdbsam guest
> obey pam restrictions = yes
> invalid users = root
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
> [homes]
> comment = Home Directories
> browseable = no
> writable = yes
> create mask = 0700
> directory mask = 0700

> from the logs:
> [2004/11/14 13:55:59, 1] smbd/service.c:make_connection_snum(648)
> 127.0.0.1 (127.0.0.1) connect to service man initially as user zeisberg (uid=1000, gid=100) (pid 3373)

> This attracted my attention while a WinXP-Box showed apart from my
> homedir the directory 'man at cepheus'.

> This is not too dangerous in my case, because is seems/is read-only,
> there is no precious data in this location and there is no internet
> connection. But maybe there are other cases and machines, where there
> could be done (more) harm.

This is not a bug. If you don't want user homedirs to be exported, disable
(or change the permissions on) the [homes] share in your smb.conf. There is
no way for samba to guess which users' homes you do or don't want to export.

It remains a reasonable default for Debian to enable the [homes] share by
default, because it approximates the needs of most users for user home
directory exports and there is zero privilege escalation compared with
normal shell access. If the [homes] share is giving authenticated users
access to files that you don't want them to have access to, this is almost
certainly a file permission problem, not a Samba permission problem.

--
Steve Langasek
postmodern programmer