[Pkg-samba-maint] Bug#1076495: samba-common-bin: net usershare guest_ok paramter is parsed as a comment

debian-reportbug at mx.brindabella.org debian-reportbug at mx.brindabella.org
Wed Jul 17 09:04:29 BST 2024 

Package: samba-common-bin
Version: 2:4.17.12+dfsg-0+deb12u1
Severity: normal

Dear Maintainer,

On a fresh install of Debian, user enters the following command:

    user at debian:~# net usershare add testing /home/user/myusershare/ 
guest_ok=y

The resulting usershare generated by Samba is as follows:

    root at debian:~# cat /var/lib/samba/usershares/testing
    #VERSION 2
    path=/home/user/myusershare/
    comment=guest_ok=y
    usershare_acl=S-1-1-0:R
    guest_ok=n
    sharename=testing

Note that the 'guest_ok=y' parameter has been parsed as a comment not as 
specifying guest access.  This appears inconsistent with the man page 
for net(8), which suggests [comment] and [acl
] are *optional* parameters. The usershare is created with what are 
presumably default values for ACL and guest_ok.

    USERSHARE ADD sharename path [comment] [acl] [guest_ok=[y|n]]

The only way to ensure the guest_ok=y parameter is correctly added to 
the usershare definition is to include both a comment and an ACL - eg:

    net usershare add testing /home/user/myusershare mycomment S-1-1-0:f 
guest_ok=y

This is contrary to the man page which suggests [comment] and [acl] are 
optional.  This requires user to know what to specify for ACL, which 
would require reading various documentation for
most users. The default values for ACL and guest_ok are unsuitable in 
this case.

This is either a bug in the software or the man page.  The man page 
could be updated to note that all 3 parameters must be specified by the 
user if the user wishes to specify guest_ok=y.

Presumably this could impact any gui tools that rely on net(8) in the 
background to create usershares.

This is a fresh install of Debian. Testparm output as follows:

    root at debian:~# testparm
    Load smb config files from /etc/samba/smb.conf
    Loaded services file OK.
    Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility 
fallback)

    Server role: ROLE_STANDALONE

    Press enter to see a dump of your service definitions

    # Global parameters
    [global]
           interfaces = 127.0.0.0/8 enp1s0
           log file = /var/log/samba/log.%m
           logging = file
           map to guest = Bad User
           max log size = 1000
           obey pam restrictions = Yes
           pam password change = Yes
           panic action = /usr/share/samba/panic-action %d
           passwd chat = *Enter\snew\s*\spassword:* %n\n 
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
           passwd program = /usr/bin/passwd %u
           server role = standalone server
           unix password sync = Yes
           usershare allow guests = Yes
           idmap config * : backend = tdb


    [homes]
           browseable = No
           comment = Home Directories
           create mask = 0700
           directory mask = 0700
           valid users = %S


    [printers]
           browseable = No
           comment = All Printers
           create mask = 0700
           path = /var/tmp
           printable = Yes


    [print$]
           comment = Printer Drivers
           path = /var/lib/samba/printers

Regards
Chris

-- System Information:
Debian Release: 12.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-22-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages samba-common-bin depends on:
ii  libbsd0        0.11.7-2
ii  libc6          2.36-9+deb12u7
ii  libcups2       2.4.2-3+deb12u5
ii  libgnutls30    3.7.9-2+deb12u3
ii  libjansson4    2.14-2
ii  libldap-2.5-0  2.5.13+dfsg-5
ii  libncurses6    6.4-4
ii  libpopt0       1.19+dfsg-1
ii  libreadline8   8.2-1.3
ii  libtalloc2     2.4.0-f2
ii  libtdb1        1.4.8-2
ii  libtevent0     0.14.1-1
ii  libtinfo6      6.4-4
ii  libwbclient0   2:4.17.12+dfsg-0+deb12u1
ii  python3        3.11.2-1+b1
ii  python3-samba  2:4.17.12+dfsg-0+deb12u1
ii  samba-common   2:4.17.12+dfsg-0+deb12u1
ii  samba-libs     2:4.17.12+dfsg-0+deb12u1

Versions of packages samba-common-bin recommends:
ii  samba-dsdb-modules  2:4.17.12+dfsg-0+deb12u1

Versions of packages samba-common-bin suggests:
pn  heimdal-clients    <none>
ii  python3-dnspython  2.3.0-1
ii  python3-markdown   3.4.1-2

-- no debconf information

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20240717/2945821a/attachment.htm>

More information about the Pkg-samba-maint mailing list