Hi,
I've set up a dedicated core with two password-protected users, "dukat" and "trine".
When I connect to the core via a regular PC, I can see four shares: home, public, dukat, and trine.
So user "dukat" should not be able to see "trine"'s files. But there's also the "home" export on the core, and as the share level in smb.conf on the core is set to "user", every valid Pluto user can access this. And here he gains access to all home folders on the core. Not only can "dukat" access "trine"'s private files (under /home/user_2) but also all home directories of all system users that might have been created outside of Pluto! What's the home export for anyway? Does LinuxMCE use it? Otherwise it should be disabled.
Is this behaviour intended? I can hardly believe that, so I would call this a serious security bug. Maybe my configuration is messed up; in case, here's my core's smb.conf:
## @FileType: Pluto Sectioned Config File ##
## @Version: 1 ##
## @KeepSections: ##
## @RemoveSections: ##
[global]
## BEGIN : Domain and Hostname
workgroup = LinuxMCE
server string = dcerouter
netbios name = dcerouter
## END : Domain and Hostname
smb ports = 139
log level = 2
invalid users = root
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
encrypt passwords = true
socket options = TCP_NODELAY
dns proxy = no
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
username map = /etc/samba/usermap.txt
unix extensions = yes
security = user
[public]
comment = public files
browseable = yes
writable = yes
create mask = 0777
directory mask = 0777
path = /home/public/data
public = no
follow symlinks = yes
wide links = yes
[home]
comment = shared home files
browsable = yes
writable = yes
path = /home
public = no
guest ok = no
force user = root
force group = public
create mask = 0774
directory mask = 0775
inherit acls = yes
inherit uid = yes
inherit owner = yes
inherit permissions = yes
## BEGIN : User Shares
[dukat]
comment = dukat's private files
browseable = yes
writable = yes
create mask = 0770
directory mask = 0770
path = /home/user_1
public = no
[trine]
comment = trine's private files
browseable = yes
writable = yes
create mask = 0770
directory mask = 0770
path = /home/user_2
public = no
## END : User Shares
## BEGIN : InternalStorageDevices
## END : InternalStorageDevices
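As an added example (not from the original post or from LinuxMCE), the script below parses a Samba config in this simple `[section]` / `key = value` form and flags shares that export a parent directory of other shares or force all access to root without a `valid users` restriction; the embedded config is a constructed, shortened copy of the one above.

```python
import os

# Constructed sample: the essential parts of the smb.conf quoted in the post.
SAMPLE_SMB_CONF = """\
[global]
security = user
[public]
path = /home/public/data
[home]
path = /home
force user = root
force group = public
[dukat]
path = /home/user_1
[trine]
path = /home/user_2
"""

def parse_smb_conf(text):
    """Return {section: {key: value}}; comment lines ('#', ';') and blanks are skipped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections[current] = {}
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current][key.strip().lower()] = value.strip()
    return sections

def audit_shares(conf):
    """Return {share: [findings]} for shares reachable by every authenticated user."""
    shares = {n: o for n, o in conf.items() if n != "global"}
    findings = {}
    for name, opts in shares.items():
        # 'valid users' is the only thing here that narrows who may connect.
        if "valid users" in opts:
            continue
        path = os.path.normpath(opts.get("path", ""))
        problems = []
        # A share exporting a parent directory exposes every share nested under it.
        covered = [n for n, o in shares.items() if n != name
                   and os.path.normpath(o.get("path", "")).startswith(path + os.sep)]
        if covered:
            problems.append("exports parent of shares: " + ", ".join(sorted(covered)))
        if opts.get("force user") == "root":
            problems.append("force user = root bypasses file ownership")
        if problems:
            findings[name] = problems
    return findings
```

Running `audit_shares(parse_smb_conf(SAMPLE_SMB_CONF))` reports only the `[home]` share, for both reasons discussed in the post.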