<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<p><span style="font-family:monospace"><span
style="color:#000000;background-color:#ffffff;">Package:
samba-common-bin
</span><br>
Version: 2:4.17.12+dfsg-0+deb12u1
<br>
Severity: normal
<br>
<br>
Dear Maintainer,
<br>
<br>
On a fresh install of Debian, user enters the following command:
<br>
<br>
user@debian:~# net usershare add testing
/home/user/myusershare/ guest_ok=y
<br>
<br>
The resulting usershare generated by Samba is as follows:
<br>
<br>
root@debian:~# cat /var/lib/samba/usershares/testing <br>
#VERSION 2
<br>
path=/home/user/myusershare/
<br>
comment=guest_ok=y
<br>
usershare_acl=S-1-1-0:R
<br>
guest_ok=n
<br>
sharename=testing
<br>
<br>
Note that the 'guest_ok=y' parameter has been parsed as a
comment not as specifying guest access. This appears
inconsistent with the man page for net(8), which suggests
[comment] and [acl<br>
] are *optional* parameters.
The usershare is created with what are presumably default values
for ACL and guest_ok.<br>
<br>
USERSHARE ADD sharename path [comment] [acl] [guest_ok=[y|n]]
<br>
<br>
The only way to ensure the guest_ok=y parameter is correctly
added to the usershare definition is to include both a comment
and an ACL - eg:
<br>
<br>
net usershare add testing /home/user/myusershare mycomment
S-1-1-0:f guest_ok=y
<br>
<br>
This is contrary to the man page which suggests [comment] and
[acl] are optional. This requires user to know what to specify
for ACL, which would require reading various documentation for<br>
most users.
The default values for ACL and guest_ok are unsuitable in this
case.</span></p>
<p><span style="font-family:monospace">This is either a bug in the
software or the man page. The man page could be updated to note
that all 3 parameters must be specified by the user if the user
wishes to specify guest_ok=y.</span></p>
<p><span style="font-family:monospace">Presumably this could impact
any gui tools that rely on net(8) in the background to create
usershares.
<br>
<br>
This is a fresh install of Debian. Testparm output as follows:
<br>
<br>
root@debian:~# testparm
<br>
Load smb config files from /etc/samba/smb.conf
<br>
Loaded services file OK.
<br>
Weak crypto is allowed by GnuTLS (e.g. NTLM as a
compatibility fallback)
<br>
<br>
Server role: ROLE_STANDALONE
<br>
<br>
Press enter to see a dump of your service definitions
<br>
<br>
# Global parameters
<br>
[global]
<br>
interfaces = 127.0.0.0/8 enp1s0
<br>
log file = /var/log/samba/log.%m
<br>
logging = file
<br>
map to guest = Bad User
<br>
max log size = 1000
<br>
obey pam restrictions = Yes
<br>
pam password change = Yes
<br>
panic action = /usr/share/samba/panic-action %d
<br>
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n
*password\supdated\ssuccessfully* .
<br>
passwd program = /usr/bin/passwd %u
<br>
server role = standalone server
<br>
unix password sync = Yes
<br>
usershare allow guests = Yes
<br>
idmap config * : backend = tdb
<br>
<br>
<br>
[homes]
<br>
browseable = No
<br>
comment = Home Directories
<br>
create mask = 0700
<br>
directory mask = 0700
<br>
valid users = %S
<br>
<br>
<br>
[printers]
<br>
browseable = No
<br>
comment = All Printers
<br>
create mask = 0700
<br>
path = /var/tmp
<br>
printable = Yes
<br>
<br>
<br>
[print$]
<br>
comment = Printer Drivers
<br>
path = /var/lib/samba/printers
<br>
<br>
Regards
<br>
Chris
<br>
<br>
-- System Information:
<br>
Debian Release: 12.6
<br>
APT prefers stable-updates
<br>
APT policy: (500, 'stable-updates'), (500, 'stable-security'),
(500, 'stable')
<br>
Architecture: amd64 (x86_64)
<br>
<br>
Kernel: Linux 6.1.0-22-amd64 (SMP w/2 CPU threads; PREEMPT)
<br>
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8),
LANGUAGE=en_AU:en
<br>
Shell: /bin/sh linked to /usr/bin/dash
<br>
Init: systemd (via /run/systemd/system)
<br>
LSM: AppArmor: enabled
<br>
<br>
Versions of packages samba-common-bin depends on:
<br>
ii libbsd0 0.11.7-2
<br>
ii libc6 2.36-9+deb12u7
<br>
ii libcups2 2.4.2-3+deb12u5
<br>
ii libgnutls30 3.7.9-2+deb12u3
<br>
ii libjansson4 2.14-2
<br>
ii libldap-2.5-0 2.5.13+dfsg-5
<br>
ii libncurses6 6.4-4
<br>
ii libpopt0 1.19+dfsg-1
<br>
ii libreadline8 8.2-1.3
<br>
ii libtalloc2 2.4.0-f2
<br>
ii libtdb1 1.4.8-2
<br>
ii libtevent0 0.14.1-1
<br>
ii libtinfo6 6.4-4
<br>
ii libwbclient0 2:4.17.12+dfsg-0+deb12u1
<br>
ii python3 3.11.2-1+b1
<br>
ii python3-samba 2:4.17.12+dfsg-0+deb12u1
<br>
ii samba-common 2:4.17.12+dfsg-0+deb12u1
<br>
ii samba-libs 2:4.17.12+dfsg-0+deb12u1
<br>
<br>
Versions of packages samba-common-bin recommends:
<br>
ii samba-dsdb-modules 2:4.17.12+dfsg-0+deb12u1
<br>
<br>
Versions of packages samba-common-bin suggests:
<br>
pn heimdal-clients <none>
<br>
ii python3-dnspython 2.3.0-1
<br>
ii python3-markdown 3.4.1-2
<br>
<br>
-- no debconf information<br>
<br>
<br>
</span></p>
</body>
</html>