Why Can Users Access Other Users' Home Directories?
We are unable to keep individual users from mapping to any other user's home directory once they have
supplied a valid password! They only need to enter their own password. I have not found any method to
configure Samba so that users may map only their own home directory.
User xyzzy can map his home directory. Once mapped, user xyzzy can also map anyone else's home directory.
This is not a security flaw, it is by design. Samba allows users to have exactly the same access to the UNIX
file system as when they were logged on to the UNIX box, except that it only allows such views onto the file
system as are allowed by the defined shares.
If your UNIX home directories are set up so that one user can happily
into another user's directory and execute
, the UNIX security solution is to change file
permissions on the user's home directories so that the
Samba tries very hard not to second guess the UNIX administrator's security policies and
trusts the UNIX admin to set the policies and permissions he or she desires.
Samba allows the behavior you require. Simply put the
only user = %S
option in the
only user works in conjunction with the
users = list,
so to get the behavior you require, add the line:
This is equivalent to adding
to the definition of the
share, as recommended in
smb.conf man page.