Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

Samba HowTo Guide
Prev Home Next

Why Can Users Access Other Users' Home Directories?

We are unable to keep individual users from mapping to any other user's home directory once they have supplied a valid password! They only need to enter their own password. I have not found any method to configure Samba so that users may map only their own home directory.

User xyzzy can map his home directory. Once mapped, user xyzzy can also map anyone else's home directory.

This is not a security flaw, it is by design. Samba allows users to have exactly the same access to the UNIX file system as when they were logged on to the UNIX box, except that it only allows such views onto the file system as are allowed by the defined shares.

If your UNIX home directories are set up so that one user can happily cd into another user's directory and execute ls , the UNIX security solution is to change file permissions on the user's home directories so that the cd and ls are denied.

Samba tries very hard not to second guess the UNIX administrator's security policies and trusts the UNIX admin to set the policies and permissions he or she desires.

Samba allows the behavior you require. Simply put the only user = %S option in the [homes] share definition.

The only user works in conjunction with the users = list, so to get the behavior you require, add the line:

users = %S

This is equivalent to adding

valid users = %S

to the definition of the [homes] share, as recommended in the smb.conf man page.

Samba HowTo Guide
Prev Home Next

 
 
  Published under the terms fo the GNU General Public License Design by Interspire