[prev in list] [next in list] [prev in thread] [next in thread] 

List:       samba-vms
Subject:    RE: Connecting to \\SERVER\system by any user
From:       claude.marinier () dreo ! dnd ! ca (Marinier, M !  Claude, G ! )
Date:       2000-06-12 16:25:53
[Download RAW message or body]

David,

When you do not mount "\\VMS\netuser" first, can you then mount
"\\VMS\cmarinier"? I assume that the answer is "No".

This means that access to other people's files (through the second
un-authenticated mount) is controlled only by VMS file permissions. This
level of access is similar to what you would get if you could login via
telnet (if netuser was allowed to telnet in) _but_ you specifically did
not grant telnet access.

This does not make the ability to mount without authentication any more
acceptable. The default configuration should be less permissive, i.e. the
default should "value users = %S".

Can this be done?

What other effects would this have?

On Mon, 12 Jun 2000, David Taubner wrote:
> My Authorize entry - username=Netuser, "flag=disuser", "priv &
> defpriv=exquota,grpprv,netmbx,tmpmbx", "UIC=[200,200]", "network access only
> (No interactive, batch etc)", "password=thispassword".
> 
> I use Explorer to mount my "Netuser" file share "\\VMS\netuser" - I get
> asked for the username & password - after giving correct information
> (Netuser/thispassword), the file share is mounted.
> 
> As system administrator I happen to know of some other usernames in
> Authorize, say CMarinier, "UIC=[1,11]", who has privileges, but whose
> password I do not know.
> 
> I now use Explorer to mount a second network drive "\\VMS\cmarinier" - I am
> NOT asked for a username or password, but your login directory as specified
> in authorize now appears, and I am able to read ANY of your files or
> subdirectories...

-- 
Claude Marinier, Information Technology Group    claude.marinier@dreo.dnd.ca 
Defence Research Establishment Ottawa (DREO)    (613) 998-4901  FAX 998-2675
3701 Carling Avenue, Ottawa, Ontario  K1A 0Z4         http://www.dreo.dnd.ca

[prev in list] [next in list] [prev in thread] [next in thread]