[prev in list] [next in list] [prev in thread] [next in thread] 

List:       samba-vms
Subject:    RE: Connecting to \\SERVER\system by any user
From:       "Boyce, Nick" <nick.boyce () eds ! com>
Date:       2000-06-05 16:18:03
[Download RAW message or body]

On 5th.June.2000 David Taubner wrote :

> We are talking about a non-privileged user (NETMBX,TMPMBX,EXQUOTA), 
> and a UIC such as [360,1].  If logged into VMS this user can see nothing, 
> do nothing.  They cannot even do a directory of Sys$Manager or anyone 
> else's files.  Logging in through Samba gives them access to any directory

> by mapping a drive as someone's username.

[ I hope I'm not confusing the issue here ]  

I just look after the Unix Sambas (Sambae ?) at our site, and I'm not a VMS
guy, but I just checked out our VMS-Samba service, and it doesn't seem to be
suffering from this security weakness.  I asked our VMS-Samba guy, and he
confirmed that we *don't* have the "valid users = %S" line in our VMS
smb.conf, nor has he done anything special to tighten up security.

I first mapped a drive to my own VMS home directory (an unprivileged user)
and then tried to map a drive to \\OURVMS\SYSTEM - it asked me for a
password.   This was on an Alpha machine.  Later on I Telnet'ed into the
same VMS system and found I could do "DIR SYS$MANAGER" without problem, but
I can't write to that place.

Hope this snippet is of some use.
---
Nick Boyce
Systems Team, EDS Healthcare, Bristol, UK

[prev in list] [next in list] [prev in thread] [next in thread]