[prev in list] [next in list] [prev in thread] [next in thread] 

List:       samba-vms
Subject:    RE: Connecting to \\SERVER\system by any user
From:       David Taubner <DTaubner () exchange ! hsc ! mb ! ca>
Date:       2000-06-13 14:14:18
[Download RAW message or body]

Peter - please read my post again - I don't believe you understand it.
Saying:

"VMS, like Unix and most other operating systems of any merit, has the
concept of file permissions.  The feature exists for a reason.  Use it." -

is simply rudeness.  As I indicated in my post, I *was* using the "concept
of file permissions".  All directories/files have mutually exclusive UICs,
limited privileges and access limitations and do not give ACL access to the
test user in my test scenario.

Nevertheless, I thank you for your advice.

David Taubner
Systems Administrator
Health Sciences Centre


-----Original Message-----
From: Peter Samuelson [mailto:peter@cadcamlab.org]
Sent: Tuesday, June 13, 2000 7:25 AM
To: DTaubner@exchange.hsc.mb.ca
Cc: Multiple recipients of list SAMBA-VMS
Subject: RE: Connecting to \\SERVER\system by any user



[David Taubner <DTaubner@exchange.hsc.mb.ca>]
> To clarify - as I stated in my message - without "valid users = %S"
> in the [Homes] section of "Smb.conf" ANY user's directory can be
> mounted and viewed.  I did not check if I could create files, but I
> did open files and read them with a Windows editor.  I believe I had
> full access.

Maybe you did and maybe you didn't, did you check?

VMS, like Unix and most other operating systems of any merit, has the
concept of file permissions.  The feature exists for a reason.  Use it.

If your filesystem designates that all users have read access to each
other's home directories, that's what you get.  If your filesystem
designates that everyone can *write* to each other's home directories,
*that*'s what you get.  Same with delete, etc.

In other words, Samba gives you the same access as DCL would give you.
And the same as FTP would give you.  Etc.

If you don't want to go fiddling with ACLs and permission masks, by all
means use `valid users = %S'.  But I think the Samba default behavior
is quite reasonable.  It makes Samba behave like all other login
services.  (Or do you think DCL as well should default to not letting
people access files outside their home directories?)

Peter

[prev in list] [next in list] [prev in thread] [next in thread]