Can access [homes] share - even when "invalid users" set. - security vulnerability.

Reproduced in version: 3.0.2pre1

Tried to find other installations doing similar things, and couldn't.

Let's say there are 2 linux users - masters and keith. There are 2 shares:

[homes] sharing /homes/<username> - which accesses the logged on user's linux home directory
[masters] sharing /disk1/masters - which is readable by all users, updateable by masters. This directory has linux permissions for _user_ masters to update.

With Redhat 8, and samba version 2.something:
_user_ keith had read access to a samba share masters (/disk1/masters).
_user_ keith also had full access to the homes share (/home/keith shared as keith) - setup via the netlogon script - net use u: /home /yes
_user_ masters had full access to samba masters (/disk1/masters)
_user_ masters had no access to a homes directory. This was blocked by the named masters share. This was good, as the user masters was an "admin" type user, and only used to update software in the masters directory.

With mostly patched Fedora, and samba 3.0.0-15:
_user_ keith still has access to both shares (masters and "keith" as above)
_user_ masters only has access to homes "masters" (/home/masters)

I now have to use a different mechanism to update the files stored in /disk1/masters. (I'd rather not but ...)

I have just replicated the same problem with the most recent version of samba (3.0.2pre1).

Things I have tried:
0. RTFM
0.5 - RTF mailing lists
0.75 - RTF bug reports
1. swapping order of [homes] share and [masters] share - no effect
2. Posting a copy of this request for help to the samba general mailing list - no response.
3. placing the _user_ masters in the invalid list for the shares directory. User masters _still_ has access to the homes share (/disk1/homes/masters)

According to the online swat documentation: "This is really a *paranoid* check to absolutely ensure an improper setting does not breach your security."
So I should *not* have had access to /home/masters with this configuration. With this documentation, and the test I have just run, I will soon be logging a security vulnerability bug with samba.

With the config file from above, with the new homes section now looking like:

[homes]
comment = Home Directories
invalid users = masters
read only = No
browseable = No

and a slightly updated masters section looking like:

[masters]
comment = Master Files
path = /disk1/masters
write list = masters, keith
guest ok = Yes

Really strange thing though. _Before_ I made masters an invalid user on [homes], in windows explorer the description of _masters_ when logged in as masters was "Home Directories" - fair enough. Now that masters is an _invalid_ user for the [homes] share, the descriptive text is "Master Files", but clicking on the directory takes you to /homes/masters. - bizarre.

Previous posting to whirlpool discussion groups and to samba general discussion group:

User share is preventing access to static share. How do I fix?

User (masters) with home directory (/home/masters) the same name as a permanent share (masters - /disk1/masters) is picking up the 'home' share /home/masters directory instead of the 'masters' share. All other users mapping to share masters pick up the correct folder /disk1/masters. Only user masters is getting the incorrect (to my way of thinking) folder.

Previously I was running redhat 8.0 with samba 2.something, and this was working fine. User Masters was the only user allowed to update a masters directory. All other users had read only permission to the masters directory and all was good. This is per the documentation for samba 2.0 included in the swat application.

I have recently rebuilt the linux server, which is now on fedora 1, samba version: 3.0.0-15. I copied the directories section of smb.conf from the old installation to the new installation. Directory structure for samba shared files are very similar.
Windows Client is running win98se, logging onto the samba domain.

Just for the record:

# Samba config file created using SWAT
# from 192.168.0.48 (192.168.0.48)
# Date: 2004/01/13 22:11:41

# Global parameters
[global]
workgroup = MONASH
server string = Samba Server
guest account = guest
unix password sync = Yes
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
logon script = logon.bat
domain logons = Yes
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
ldap ssl = no
homedir map = /home/%U
hosts allow = 192.168.0., 127.

[homes]
comment = Home Directories
read only = No
guest ok = Yes
browseable = No
...

[masters]
path = /disk1/masters
guest ok = Yes
....

[netlogon]
comment = Logon Directory
path = /etc/samba/netlogon
guest ok = Yes

logon.bat:

echo Setting Current Time...
net time \\junior /set /yes
echo Mapping Network Drives to Samba Server Junior ...
net use u: /home /yes
net use x: \\junior\masters /yes
net use p: \\junior\public /yes
net use z: \\junior\masters /yes
pause
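The share-name collision described in this report, modelled as an added example (not Samba's code and not the reporter's file): a small parser for the smb.conf fragments above, a resolver that contrasts the reported behaviour (the user's auto-created [homes] entry shadows a static share of the same name, and "invalid users" does not stop it) with the intended precedence (static share wins, "invalid users" honoured), and a config check that flags unix user names equal to a static share name. The smb.conf text and the user list are constructed; the home directory paths are passed in as assumptions.

```python
import configparser

# Constructed smb.conf fragment mirroring the report's layout (assumed values,
# not the reporter's exact file).
SMB_CONF = """
[global]
workgroup = MONASH
[homes]
comment = Home Directories
invalid users = masters
read only = No
browseable = No
[masters]
comment = Master Files
path = /disk1/masters
write list = masters, keith
guest ok = Yes
"""

def load_shares(text):
    """Parse smb.conf into {share name: {key: value}}, dropping [global]."""
    cp = configparser.ConfigParser(interpolation=None)  # %U etc. are Samba macros
    cp.read_string(text)
    return {s: dict(cp[s]) for s in cp.sections() if s != "global"}

def resolve_share(shares, requested, user, home_dir, buggy):
    """Return (path, share) served when `user` opens `requested`, or None.
    buggy=True models what the report describes for 3.0.0 / 3.0.2pre1: when the
    requested name equals the user name, the auto-created [homes] entry is served
    and "invalid users" is not consulted.  buggy=False models the intended rule:
    a static share of that name wins, and a home share is offered only if the
    user is not listed in the [homes] "invalid users" parameter."""
    static = shares.get(requested)
    homes = shares.get("homes")
    if buggy and homes is not None and requested == user:
        return (home_dir, "homes")
    if static is not None and "path" in static:
        return (static["path"], requested)
    if homes is not None and requested == user:
        invalid = {u.strip() for u in homes.get("invalid users", "").split(",") if u.strip()}
        if user not in invalid:
            return (home_dir, "homes")
    return None

def share_user_collisions(shares, users):
    """Config check: unix user names that equal a static share name, the
    situation that produced the behaviour in this report."""
    return sorted(u for u in users if u in shares and u != "homes")
```

Running `share_user_collisions` over the real user list of a server with a [homes] section is the quick way to spot a name clash before a user is surprised by which directory they land in.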
Copy and paste error - "With this documentation, and the test I have just run, I will soon be loging a security vulnerability bug with samba." No I won't. This line should have been removed before pasting into this bug request.
Created attachment 368: don't create the home directory if a static share already exists
Fixed checked into CVS
sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.
database cleanup