[Pkg-samba-maint] home shares enabled by default?

Steve Langasek vorlon at debian.org
Wed Dec 12 08:59:41 UTC 2007


On Wed, Dec 05, 2007 at 10:28:03AM +0530, Christian Perrier wrote:
> Quoting Steve Langasek (vorlon at debian.org):

> > In https://launchpad.net/bugs/27608, security is one of the issues
> > contributing to Ubuntu disabling [homes] by default, but there are others.

> I don't really see that bug as a security issue, but more confusion
> induced by the homes share being enabled and the user creating another
> share with his login name as share name.

I mean that it can be a security issue in the sense that admins may not
realize that these home directories can be accessed remotely; perhaps ssh is
disabled and logins are only allowed locally, but home directories can still
be accessed via Samba by someone with a user's password.  But yes, as a
security issue it's certainly low-impact.

> > I think the first issue should be regarded as a bug in Samba regardless and
> > should be fixed; the only sensible precedence order is for
> > statically-defined shares in smb.conf to take precedence over autoshares.
> > (net usershares are another matter...)

> I suspect some hot discussion with upstream here. That practice is
> long-established one so all experienced samba admins know about this.

Well, there don't seem to have been any loud objections from upstream to the
Ubuntu defaults.

> > Would it be appropriate to comment out the [homes] shares to match the
> > Windows default behavior, or do you guys think that the Samba upstream
> > behavior is correct?

> Well, given that "home" directories for Windows users are quite a
> different concept and, indeed, most of them being network shares in
> corporate environements (to allow roaming), I think that this argument
> has low weight.

> I'm not really keen to change the default and no longer share home
> directories as long as upstream still shares them by default.

I understand.  It seems that opinion is split, then, with Eloy in favor and
you opposed.  Myself, I have no strong opinion in either direction, my
interest is only in trying to find a solution that lets us drop the diff
between Debian and Ubuntu. :)

Is it realistic that further discussion here will lead us to a consensus, or
should we accept living with this Ubuntu delta for the time being?

Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org



More information about the Pkg-samba-maint mailing list