[Pkg-samba-maint] Bug#678616: Bug#678616: default guest user "nobody"

email.bug at arcor.de email.bug at arcor.de
Sat Jun 23 15:43:22 UTC 2012

> But the samba package doesn't create any file belonging to "nobody",
> and doesn't even allow doing so, as it doesn't create any writable
> public share.

If you have local users on the machine, it is a typical scenario that
a usershare is created (More often through the filemanger features
than using "net usershare" directly.)

To avoid permission hassle and giving out of passwords, guest
write access may be granted. (Could be in a temporary setup or
in a secure environment.)

What happens now is, the samba guest saves a file in the
public share, and no user (but the literal "nobody") has 
access to the file (not even the user that created the share).

However, not providing a proper default guest mapping
probably breaks all default installs quite into pieces, not
only usershare setups.

As the nobody user and nogroup should by definition not
contain any real members, I don't think the old default
serves anybody.

Just because the default is not well chosen everybody
has to stumble over the problem, find a guest mapping
and adjust the smb.conf, that is otherwise working
very well for out of the box usershare creation
now, thanks to your latest adaption!

IMHO dropping privileges to, and becoming nobody may make sense for
part of (network) deamons that don't create files, to shield
real data from them, but not for a file server with the objective
to write files on behalf of users.

> Any admin is entitled to do whatever customization suits his|her needs
> and,

Of course, but it does not mean that debian should not come with a solid
default configuration.
I believe we have come a long way towards a robust default already, 
please think about tacking the last thing as well.


More information about the Pkg-samba-maint mailing list