On Mon, Nov 15, 2004 at 11:16:06AM +0100, Uwe Zeisberger wrote:
> I haven't investigated much (yet), but see the following alarming
> transcript:

> root@cepheus:~# smbclient -L 127.0.0.1 -U zeisberg
> Password:
> Domain=[CEPHEUS] OS=[Unix] Server=[Samba 3.0.7-Debian]
>
>         Sharename       Type      Comment
>         ---------       ----      -------
>         IPC$            IPC       IPC Service (cepheus)
>         ADMIN$          IPC       IPC Service (cepheus)
>         zeisberg        Disk      Home Directories
> Domain=[CEPHEUS] OS=[Unix] Server=[Samba 3.0.7-Debian]
>
>         Server               Comment
>         ---------            -------
>
>         Workgroup            Master
>         ---------            -------
>         MALIBU               CEPHEUS
> root@cepheus:~# mountpoint /mnt
> /mnt is not a mountpoint
> root@cepheus:~# mount -t cifs //127.0.0.1/man /mnt -o user=zeisberg
> Password:
> root@cepheus:~# mountpoint /mnt
> /mnt is a mountpoint
> root@cepheus:~# mount | grep cifs
> //127.0.0.1/man on /mnt type cifs (rw,mand)
> root@cepheus:~# ls /mnt
> X11R6  cat2  cat4  cat6  cat8  fsstnd    local
> cat1   cat3  cat5  cat7  cat9  index.db  opt
> root@cepheus:~# touch /var/cache/man/isitthisdir
> root@cepheus:~# ls /mnt
> X11R6  cat2  cat4  cat6  cat8  fsstnd    isitthisdir  opt
> cat1   cat3  cat5  cat7  cat9  index.db  local
> root@cepheus:~# rm /mnt/isitthisdir
> rm: cannot remove `/mnt/isitthisdir': Permission denied
> root@cepheus:~# egrep -v '^ *([#;].*)?$' /etc/samba/smb.conf
> [global]
>    workgroup = malibu
>    server string = %h
>    wins support = no
>    dns proxy = no
>    log file = /var/log/samba/log.%m
>    max log size = 1000
>    syslog = 0
>    panic action = /usr/share/samba/panic-action %d
>    security = user
>    encrypt passwords = true
>    passdb backend = tdbsam guest
>    obey pam restrictions = yes
>    invalid users = root
>    passwd program = /usr/bin/passwd %u
>    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
> [homes]
>    comment = Home Directories
>    browseable = no
>    writable = yes
>    create mask = 0700
>    directory mask = 0700

> from the logs:

> [2004/11/14 13:55:59, 1] smbd/service.c:make_connection_snum(648)
>   127.0.0.1 (127.0.0.1) connect to service man initially as user zeisberg (uid=1000, gid=100) (pid 3373)

> This attracted my attention while a WinXP-Box showed apart from my
> homedir the directory 'man at cepheus'.

> This is not too dangerous in my case, because it seems/is read-only,
> there is no precious data in this location and there is no internet
> connection. But maybe there are other cases and machines, where there
> could be done (more) harm.

This is not a bug. If you don't want user homedirs to be exported, disable
(or change the permissions on) the [homes] share in your smb.conf. There is
no way for samba to guess which users' homes you do or don't want to export.

It remains a reasonable default for Debian to enable the [homes] share by
default, because it approximates the needs of most users for user home
directory exports and there is zero privilege escalation compared with
normal shell access.

If the [homes] share is giving authenticated users access to files that you
don't want them to have access to, this is almost certainly a file
permission problem, not a Samba permission problem.

-- 
Steve Langasek
postmodern programmer
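
An added example, not part of the original message or of Samba: a small audit that lists which system accounts' home directories a [homes] share would resolve as share names (as `man` did in the transcript), and shows that setting `valid users = %S` in [homes] limits each home to its owner. The passwd and smb.conf text are constructed samples, the function names are hypothetical, and the UID cutoff of 1000 for human accounts is an assumed convention.

```python
import configparser

# Constructed sample data modelled on the report; not the reporter's real files.
PASSWD = """\
man:x:6:12:man:/var/cache/man:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
zeisberg:x:1000:100::/home/zeisberg:/bin/bash
"""
SMB_OPEN = """\
[global]
security = user
invalid users = root
[homes]
comment = Home Directories
browseable = no
writable = yes
"""
# Same file with one more [homes] line: %S expands to the share (= user) name.
SMB_OWNER_ONLY = SMB_OPEN + "valid users = %S\n"


def homes_section(smb_conf_text):
    """Return the [homes] options as a dict, or None if the share is absent."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(smb_conf_text)
    for name in cp.sections():
        if name.strip().lower() == "homes":  # section names are case-insensitive
            return dict(cp[name])
    return None


def audit_homes(passwd_text, smb_conf_text, first_human_uid=1000):
    """List (share, path) for system accounts whose home [homes] would export."""
    homes = homes_section(smb_conf_text)
    if homes is None or "%S" in homes.get("valid users", ""):
        return []  # share disabled, or each home limited to its owner
    exposed = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7:
            continue  # skip comments and malformed entries
        user, uid, home = fields[0], int(fields[2]), fields[5]
        if uid < first_human_uid:  # assumed cutoff between system and human UIDs
            exposed.append((user, home))
    return exposed


if __name__ == "__main__":
    for share, path in audit_homes(PASSWD, SMB_OPEN):
        print(f"//server/{share} -> {path}")
```

Anything the audit lists is still governed by file permissions on the exported directory, which is the point the reply makes.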