Bug#410308: [Pkg-samba-maint] Bug#410308:

Christian Perrier bubulle at debian.org
Sun Feb 11 10:49:21 CET 2007


Quoting Daniel Fernández (daniel at z-ha-dum.dyndns.org):
> Well, at least we have the filesystem privileges to protect the
> sensitive data. But I don't like this bug, anyway.


Neither do we.

I think it's probably time to apply one of the patches used in Ubuntu:

--- smb.conf~   2007-01-31 06:01:20.973216065 +0100
+++ smb.conf    2007-02-11 10:48:13.463426021 +0100
@@ -223,6 +223,11 @@
 # create dirs. with group=rw permissions, set next parameter to 0775.
    directory mask = 0700

+# Restrict access to home directories
+# to the one of the authenticated user
+# This might need tweaking when using external authentication schemes
+   valid users = %S
+
 # Un-comment the following and create the netlogon directory for Domain Logons
 # (you need to configure Samba to act as a domain controller too.)
 ;[netlogon]
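
Review bot: The comment above the added `valid users = %S` line says it "might need tweaking when using external authentication schemes" but does not say what fails or what to change. %S expands to the name of the current service, so the rule only matches when the authenticated user name is exactly the share name; where an external scheme qualifies the name (with a domain prefix, for example), the owner would be refused access to their own home share. Suggest stating that in the comment. The hunk also does not show which section it lands in, only that it follows `directory mask = 0700` and precedes `;[netlogon]`, so please confirm it is the home directories section, since in any other share this line would admit only a user whose name equals the share name.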



With this, at least the default setup will not expose such valid
system users' home directories to others.

