Re: GNOME-Samba interface



> > 	Well, the more distribution-independent way would be avoid the use
> > of init scripts altogether and launch smbd with your own script.  Then it
> > boils down to looking for smbd in the right places (to launch it), and
> > issuing a "killall smbd" to kill it.
> 
> Except that Samba needs to start at boot time, not when GNOME starts.

	Just because Samba is initially started by init through
/etc/rc.d/init.d/smb at bootup, doesn't mean you must use that script
every time you want to start/stop the smbd daemon.

	Using the init scripts may well turn out to be the cleanest
method, though--you'll just have to know how the scripts work with every
distribution of Unix.

> True, but that is not good enough; we should also be able to select
> specific connections (analyze the output of smbstatus, or use the
> smbstatus routines internal to Samba) and nuke them which would require
> root as well. 

	Sounds complicated.  For a first version, I'd just kill the smbd
server (thus closing all connections) and restart it with the new smb.conf
file.

> > > 3) The smb.conf file uses a similar configuration to the gnome-config
> > > module, only it is much less strict. It allows spaces just about anywhere
> > > and allows # and ; to show comments. I tried loading one into the
> > > gnome-config and it just quit when it came across a comment. Fortunately,
> > > smb.conf has an include statement so that other files can be loaded right
> > > in. While it would be okay for non-root users to edit a config file to be
> > > included in smb.conf, smb.conf itself cannot be edited by anyone except
> > > root, so it is not possible to change "profiles" if you are not root. And
> > > again, it takes root perms to force these changes into effect.
> 
> Look at the source of smbpasswd; it contains simple code to read the
> smbpasswd file.  If you *really* want to parse this sucker, it may be a
> good idea to simply link against the Samba parsing objects (the new 2.0
> and CVS code bases are very programmer-friendly [unlike the pre-2.0 code
> which was a nightmare of spaghetti]) 

	I may be misunderstanding you here, but what does parsing the
smbpasswd file have to do with parsing smb.conf?

> > 1) Allowing a regular user to "share" a directory, ANY directory (whether
> > its their own or not) is a serious security risk.  A cracker could
> > theoretically get full access to your filesystem if things are set up
> > improperly in your smb.conf, so allowing normal users to mess with it is
> > a no-no.
> 
> Or, at least, a feature which should be reserved for the next incarnation
> of this project.

	If this Samba/GMC interface makes it into the 'standard'
distribution of Gnome and it allows a normal user to export SMB shares,
many people will forever view Gnome security as pitiful as MS Windows
security.

	If you want to export an SMB share, you should know the root
password.  Period.  The only other secure option would be to devise a
grandiose security scheme where users would somehow only be able to export
directories which they own, but off the top of my head I don't see how you
could do that with Samba...


--Derek



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]