No error is given when accessing a share that belongs to another user after authentication.
Even though the content shown belongs to yourself (the authenticated user), this gives the end user (the non-IT user, of course) the impression that they can actually access other people's files.
Server OS: CentOS 5.4
Client OS: Win7 and WinXP
Samba: 3.5.3 and 3.5.4 (tried on 3.5.3 and upgraded to 3.5.4, problem persists)
workgroup = myWorkgroup
security = user
passdb backend = tdbsam
passwd program = /usr/bin/passwd %u
unix password sync = Yes
passwd chat debug = yes
passwd chat timeout = 10
log level = 10
max log size = 50
debug timestamp = yes
browseable = no
writable = yes
valid users = %U
force user = %U
path = %H
Steps to reproduce:
1. On the server, create 2 different users (i.e. user1 and user2) and create a Samba password for them using smbpasswd
2. On the client, type in "\\ipaddress" from Windows Start->Run, type in user id and password for user1.
3. The explorer will show you a folder user1 (Note: only user1).
4. On the client, type in "\\ipaddress\user2" from Windows Start->Run
The explorer will show \\ipaddress\user2 in the address bar but the content shown comes from \\ipaddress\user1.
When we enter \\ipaddress\user2, the explorer shall give an error as user2 folder shall not be accessible by user1.
5. After this when I try to access by typing \\ipaddress from Start->Run, I could see 2 folders user1 and user2.
6. From now on, you always see 2 folders (user1 and user2).
I have sniffed the traffic and checked the NetShareEnumAll response, and unfortunately the server did return user1 and user2, so this is not a problem on WinXP or Win7.
This is still the same with current 4.13 - if you open a foreign user's home share, then this is being enumerated for the user who opened it from that point on.
Shouldn't the right approach for our special homes share be to only enumerate the authenticated user's home share and not enumerate "accidentally" accessed foreign home shares?
By the way: the effect that you reported, that *your* home directory is listed when you access a foreign user's homedir, probably comes from the (bad) combination of the "force user", "path" and "valid users" parameters. You might want to try to use "valid users = %S".
Still the point that I see is the share enumeration after an attempted access.
I agree with Bjorn, this was caused by misconfiguration of the 'homes' share. Standard on Debian it is this:
comment = Home Directories
browseable = no
read only = yes
create mask = 0700
directory mask = 0700
valid users = %S
There are also these comments:
# By default, \\server\username shares can be connected to by anyone
# with access to the samba server.
# The following parameter makes sure that only "username" can connect
# to \\server\username
So, by my reading and experience, if the 'homes' share is set up as above, there isn't a problem.
If you agree Bjorn, I think we can close this bug report.
Closing, not a bug, invalid configuration.
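An added example, not part of the bug thread or of Samba itself: a small Python check that flags a homes share whose "valid users" does not restrict connections to %S, run against the two configurations quoted above. The function name audit_homes and the [homes] section header around the constructed samples are assumptions.

```python
import configparser

# Constructed samples: the reporter's share parameters and the Debian-style
# ones quoted in the thread, placed under a [homes] section (assumed).
REPORTED = """
[homes]
    browseable = no
    writable = yes
    valid users = %U
    force user = %U
    path = %H
"""
DEBIAN_STYLE = """
[homes]
    browseable = no
    read only = yes
    valid users = %S
"""

def audit_homes(text):
    """Return findings (parameter, reason) for the [homes] section."""
    # smb.conf indents parameters; strip each line so configparser does not
    # read them as continuations of the previous value.
    cleaned = "\n".join(line.strip() for line in text.splitlines())
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",))
    cp.read_string(cleaned)
    homes = next((s for s in cp.sections() if s.lower() == "homes"), None)
    if homes is None:
        return []
    opts = {k.strip(): v.strip() for k, v in cp.items(homes)}
    findings = []
    valid = opts.get("valid users")
    if valid is None:
        findings.append(("valid users", "not set; any authenticated user "
                         "can connect to another user's homes share"))
    elif "%S" not in valid.replace(",", " ").split():
        # %U is the session user, so it matches whoever logged in and never
        # rejects a request for another user's share; %S is the share name.
        findings.append(("valid users", f"'{valid}' does not restrict to %S"))
    if "%U" in opts.get("force user", "") and "%H" in opts.get("path", ""):
        findings.append(("force user", "combined with path = %H; the thread "
                         "names this as the likely cause of serving the "
                         "caller's own home"))
    return findings

if __name__ == "__main__":
    for name, conf in (("reported", REPORTED), ("debian-style", DEBIAN_STYLE)):
        print(name, audit_homes(conf) or "ok")
```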