[prev in list] [next in list] [prev in thread] [next in thread]
List: samba-vms
Subject: RE: Connecting to \\SERVER\system by any user
From: "Boyce, Nick" <nick.boyce () eds ! com>
Date: 2000-06-05 16:18:03
[Download RAW message or body]
On 5th.June.2000 David Taubner wrote :
> We are talking about a non-privileged user (NETMBX,TMPMBX,EXQUOTA),
> and a UIC such as [360,1]. If logged into VMS this user can see nothing,
> do nothing. They cannot even do a directory of Sys$Manager or anyone
> else's files. Logging in through Samba gives them access to any directory
> by mapping a drive as someone's username.
[ I hope I'm not confusing the issue here ]
I just look after the Unix Sambas (Sambae ?) at our site, and I'm not a VMS
guy, but I just checked out our VMS-Samba service, and it doesn't seem to be
suffering from this security weakness. I asked our VMS-Samba guy, and he
confirmed that we *don't* have the "valid users = %S" line in our VMS
smb.conf, nor has he done anything special to tighten up security.
I first mapped a drive to my own VMS home directory (an unprivileged user)
and then tried to map a drive to \\OURVMS\SYSTEM - it asked me for a
password. This was on an Alpha machine. Later on I Telnet'ed into the
same VMS system and found I could do "DIR SYS$MANAGER" without problem, but
I can't write to that place.
Hope this snippet is of some use.
---
Nick Boyce
Systems Team, EDS Healthcare, Bristol, UK
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic