Bug 6122 - [homes] section allows access to user areas other than that of the connecting user
Summary: [homes] section allows access to user areas other than that of the connecting...
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.2
Classification: Unclassified
Component: File services (show other bugs)
Version: 3.2.5
Hardware: x64 Linux
: P3 normal
Target Milestone: ---
Assignee: John H Terpstra (mail address dead(
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-02-18 17:56 UTC by Ian
Modified: 2010-02-04 14:53 UTC (History)
0 users

See Also:

Attachments
smb.conf (5) manual page changes and additions (1.68 KB, patch)
2009-02-19 11:31 UTC, Ian 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ian 2009-02-18 17:56:28 UTC 
I'm not sure if this is a feature rather than a bug, but I think it may be unexpected behavior to some system administrators.

When using the [homes] section, if user jsmith connects to \\server\jane he can (subject to UNIX permissions) access jane's home directory while authenticated via his own credentials.

This also means that jsmith can access the home directories of system users (again subject to UNIX permissions), for example by connecting to a \\server\mail share using his own credentials.  If a user called mail exists in /etc/passwd the share path will that of the mail user.

The smb.conf manual page lead *me* to believe that when user jsmith connects to a share which is created via the [homes] mechanism, he will be authenticated and then connected to a share in his own name only.  What is actually happening is that jsmith is authenticated first and then /etc/passwd is scanned for a valid user matching the requested share name.  If the requested share name is found in /etc/passwd as a user, then the share is created with a path using the home directory entry in /etc/passwd for the matched user.

From the manual page:

       When the connection request is made, the existing sections are scanned.
       If a match is found, it is used. If no match is found, the requested
       section name is treated as a username and looked up in the local
       password file. If the name exists and the correct password has been
       given, a share is created by cloning the [homes] section.

It's the last sentence in that paragraph that lead me to believe that user jsmith could only connect to \\server\jane by using her credentials rather than his own.

One way to get around this seems to be to use 'path = /home/%u' in the [homes] section of smb.conf.  When this is done, attempted connections to system accounts result in the user actually being connected to their own home directory, as long as the share name looked up via the [homes] mechanism exists in /etc/passwd as a user name.  If no match is found in /etc/passwd an error of NT_STATUS_BAD_NETWORK_NAME is returned.  Further, if jsmith attempts to connect to \\server\dick, where dick is a valid user in /etc/passwd with a home directory of /home/dick, jsmith will still be connected to his own home directory and not dick's home directory when 'path = /home/%u' is present in the [homes] section of smb.conf.

My set-up is 'security = domain' on a Debian system with Samba packages of version 2:3.2.5-4.
Comment 1 Jeremy Allison 2009-02-18 18:27:23 UTC 
This is by design. If you want to write an update to the man page to make it clearer to you it would be gratefully received.
Thanks,
Jeremy.
Comment 2 Ian 2009-02-19 11:31:36 UTC 
Created attachment 3942 [details]
smb.conf (5) manual page changes and additions

Proposed modifications to the smb.conf (5) manual page.
Comment 3 John H Terpstra (mail address dead( 2010-02-04 14:53:48 UTC 
Looks like this has been closed out.