[Pkg-samba-maint] home shares enabled by default?

Christian Perrier bubulle at debian.org
Wed Dec 12 17:37:08 UTC 2007 

Quoting Steve Langasek (vorlon at debian.org):

> > I don't really see that bug as a security issue, but more confusion
> > induced by the homes share being enabled and the user creating another
> > share with his login name as share name.
> 
> I mean that it can be a security issue in the sense that admins may not
> realize that these home directories can be accessed remotely; perhaps ssh is
> disabled and logins are only allowed locally, but home directories can still
> be accessed via Samba by someone with a user's password.  But yes, as a
> security issue it's certainly low-impact.

Yep, that's a point. And, looking deeper, we might easily find other
packages where the Debian default setting are more strict than
upstream's ones.

> > > should be fixed; the only sensible precedence order is for
> > > statically-defined shares in smb.conf to take precedence over autoshares.
> > > (net usershares are another matter...)
> 
> > I suspect some hot discussion with upstream here. That practice is
> > long-established one so all experienced samba admins know about this.
> 
> Well, there don't seem to have been any loud objections from upstream to the
> Ubuntu defaults.

Sure, but here you proposed that we report to upstream that static
shares should take precedence over auto-shares. *That* could be tricky
to push, mostly because that means upstream to accept potentially
breaking some existing setups (those where static shares duplicate
auto-shares and are therefore useless but still...).

> > > Would it be appropriate to comment out the [homes] shares to match the
> > > Windows default behavior, or do you guys think that the Samba upstream
> > > behavior is correct?
> 
> > Well, given that "home" directories for Windows users are quite a
> > different concept and, indeed, most of them being network shares in
> > corporate environements (to allow roaming), I think that this argument
> > has low weight.
> 
> > I'm not really keen to change the default and no longer share home
> > directories as long as upstream still shares them by default.
> 
> I understand.  It seems that opinion is split, then, with Eloy in favor and
> you opposed.  Myself, I have no strong opinion in either direction, my
> interest is only in trying to find a solution that lets us drop the diff
> between Debian and Ubuntu. :)
> 
> Is it realistic that further discussion here will lead us to a consensus, or
> should we accept living with this Ubuntu delta for the time being?

Yes, it is realistic. First, with your will to minimize the
Ubuntu/Debian diff, you push the balance towards disabling
auto-homes. Then, we haven't heard anything from others (Noel, Peter?
Still alive?). And finally, I'm not strongly hanged to my position, so
you have a have to "win" on that one, really..:-)...I am also in favor
of minimizing the delta between U and D.....



-- 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20071212/6b2db049/attachment.pgp

More information about the Pkg-samba-maint mailing list