Bug#410308: [Pkg-samba-maint] Bug#410308:
Christian Perrier
bubulle at debian.org
Sun Feb 11 10:49:21 CET 2007
Quoting Daniel Fernández (daniel at z-ha-dum.dyndns.org):
> Well, at least we have the filesystem privileges to protect the
> sensitive data. But I don't like this bug, anyway.
Neither do we.
I think it's probably time to apply one of the patches used in Ubuntu:
--- smb.conf~ 2007-01-31 06:01:20.973216065 +0100
+++ smb.conf 2007-02-11 10:48:13.463426021 +0100
@@ -223,6 +223,11 @@
# create dirs. with group=rw permissions, set next parameter to 0775.
directory mask = 0700
+# Restrict access to home directories
+# to the one of the authenticated user
+# This might need tweaking when using external authentication schemes
+ valid users = %S
+
# Un-comment the following and create the netlogon directory for Domain Logons
# (you need to configure Samba to act as a domain controller too.)
;[netlogon]
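Review bot: the comment added above `valid users = %S` ("to the one of the authenticated user") is hard to read and never says what `%S` is. Since `%S` expands to the name of the current service, the comment should state that in the home directories section this is the user name, so only the owner may connect to their own share. The context lines do not show the section header, so please confirm the new line sits in the home directories section that `directory mask = 0700` belongs to. The "external authentication schemes" caveat would also help more if it named the case to check, namely an authenticated user name that does not match the share name.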
With this, at least the default setup will not expose such valid
system users' home directories to others.
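An added example, not part of the original message or of the Debian package: a small Python check that reports whether the [homes] section of an smb.conf carries the `valid users = %S` restriction from the patch above. The sample configs and function names are constructed for illustration, and `include` directives are not followed.

```python
import re

# Constructed sample configs: [homes] without and with the restriction.
SAMPLE_OPEN = """\
[global]
   workgroup = WORKGROUP
[homes]
   comment = Home Directories
   browseable = no
   directory mask = 0700
;  valid users = %S
"""
SAMPLE_RESTRICTED = SAMPLE_OPEN.replace(";  valid users = %S", "   Valid Users = %S")


def parse_smb_conf(text):
    """Return {section: {param: value}}. Names are normalised the way Samba
    compares them: case-insensitive, whitespace in parameter names ignored."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):           # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":   # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)   # only the first '=' is significant
            current[re.sub(r"\s+", "", name).lower()] = value.strip()
    return sections


def homes_restricted(text):
    """True if [homes] lists %S in 'valid users', False if it does not,
    None if the config has no [homes] section."""
    homes = parse_smb_conf(text).get("homes")
    if homes is None:
        return None
    entries = re.split(r"[,\s]+", homes.get("validusers", ""))
    return "%S" in entries
```

Running it over the output of `testparm -s` rather than the raw file checks the configuration as Samba itself parsed it.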