
List:       samba-vms
Subject:    RE: Connecting to \\SERVER\system by any user
From:       claude.marinier () dreo ! dnd ! ca (Marinier, M !  Claude, G ! )
Date:       2000-06-13 17:36:38

David,

I re-read your post carefully. The two users in your example belong to
different groups and the un-authenticated share grants read access to
_all_ files. Assuming that most files have the default protection
(RWED,RWED,RE,) and knowing that they do not have any ACLs, you should
not be able to read all the files.

You can double check some of this without setting up Samba. One simple
test is 'DIR /SECURITY /PAGE'; this will confirm what you already know
about ACLs and confirm the protection on the files (which you did not
explicitly mention).

This looks like a serious security problem. We need to proceed with
caution. I know that I have often jumped to conclusions; I would not want
you to waste your time barking up the wrong tree.

Carry on.

On Wed, 14 Jun 2000, David Taubner wrote:
> Claude - sorry not to answer your other question, but yes - the point
> is exactly that all VMS protection is ignored, and more privileges
> than expected are available.  Please reread my post carefully.  I
> define exactly what privileges and UIC the netuser account has.

On Wed, 14 Jun 2000, David Taubner wrote:
> Claude - I will check out your question thoroughly in the next day or
> so when I have time.  I know that Samba startup is run under the
> System account so the SMB demon obviously runs under System.  I think
> the processes that get created belong to the user account in question,
> but I don't recall for sure - I don't have the configuration up and
> running right now.  I don't know how I would modify any of that...

-- 
Claude Marinier, Information Technology Group    claude.marinier@dreo.dnd.ca 
Defence Research Establishment Ottawa (DREO)    (613) 998-4901  FAX 998-2675
3701 Carling Avenue, Ottawa, Ontario  K1A 0Z4         http://www.dreo.dnd.ca
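
The protection reasoning in the message above, as an added example that is not part of the original post or of Samba/VMS code: a simplified Python model of the UIC-based read check for a file with the default protection (RWED,RWED,RE,) and no ACLs. The UIC values are constructed, the system-group threshold of octal 10 is an assumed default, and GRPPRV and ACLs are not modelled.

```python
"""Simplified model of the OpenVMS UIC-based read check (ACLs not modelled)."""
CATEGORIES = ("system", "owner", "group", "world")

def parse_protection(mask):
    """Turn the positional form '(RWED,RWED,RE,)' into {category: access letters}."""
    fields = mask.strip().strip("()").split(",")
    if len(fields) != 4:
        raise ValueError("expected four fields: system,owner,group,world")
    prot = {}
    for cat, text in zip(CATEGORIES, fields):
        letters = set(text.strip().upper())
        if not letters <= set("RWED"):
            raise ValueError(f"bad access letters in {cat} field: {text!r}")
        prot[cat] = letters
    return prot

def categories_for(uic, owner_uic, privileges=(), max_sys_group=0o10):
    """Return every category the process falls into; they are cumulative."""
    cats = {"world"}
    if uic[0] == owner_uic[0]:
        cats.add("group")
        if uic[1] == owner_uic[1]:
            cats.add("owner")
    # System category: low-numbered group, or the SYSPRV privilege.
    if uic[0] <= max_sys_group or "SYSPRV" in privileges:
        cats.add("system")
    return cats

def can_read(uic, owner_uic, mask, privileges=()):
    """True if a process with this UIC and privilege set may read the file."""
    if {"BYPASS", "READALL"} & set(privileges):
        return True  # these privileges skip the protection mask entirely
    prot = parse_protection(mask)
    return any("R" in prot[c] for c in categories_for(uic, owner_uic, privileges))

# Constructed sample: one file, owner [200,1], default protection from the message.
DEFAULT = "(RWED,RWED,RE,)"
OWNER = (0o200, 0o1)
CASES = {
    "same group [200,5]": can_read((0o200, 0o5), OWNER, DEFAULT),
    "other group [300,7]": can_read((0o300, 0o7), OWNER, DEFAULT),
    "system UIC [1,4]": can_read((0o1, 0o4), OWNER, DEFAULT),
    "other group + BYPASS": can_read((0o300, 0o7), OWNER, DEFAULT, {"BYPASS"}),
}

if __name__ == "__main__":
    for name, allowed in CASES.items():
        print(f"{name:22} read={'yes' if allowed else 'NO'}")
```

In this model a user from a different group is denied read by the empty world field; read succeeds only when the check is made under a system-category UIC or with a privilege such as BYPASS or READALL.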
