| 2013-01-14 13:48:29 |
ceg |
bug |
|
|
added bug |
| 2013-01-14 13:50:44 |
ceg |
description |
The reserved system user "nobody" should never be the owner of files. This ensures that the least privileged "nobody" user will never be able to access or even corrupt files. This user may not even be suited for granting public read access, if it is intended to just run unprivileged local deamons.
Samba however creates files as the "nobody" user when samba guests are allowed to create files (e.g. a public share).
Expected:
Samba gets configured to use an appropriate user id for guests that are able to create files. This may be a samba specific user, e.g. "guest user = smbguest" to show the origin of the file, together with "guest group = users (to which all local users should belong, bug #253103)". The latter enables all system users to access/modify/delete the files of smbguest also directly on the filesystem. |
The reserved system user "nobody" should never be the owner of files. This ensures that an access granted with the least privileged "nobody" user will never be able to access or even corrupt files on the system. The "nobody" user may not even be suited for granting public read access, if it is intended to just run unprivileged local deamons.
Samba however creates files as the "nobody" user when samba guests are allowed to create files (e.g. a public share).
Expected:
Samba gets configured to use an appropriate user id for guests that are able to create files. This may be a samba specific user, e.g. "guest user = smbguest" to show the origin of the file, together with "guest group = users (to which all local users should belong, bug #253103)". The latter enables all system users to access/modify/delete the files of smbguest also directly on the filesystem. |
|
| 2013-01-14 13:53:46 |
ceg |
description |
The reserved system user "nobody" should never be the owner of files. This ensures that an access granted with the least privileged "nobody" user will never be able to access or even corrupt files on the system. The "nobody" user may not even be suited for granting public read access, if it is intended to just run unprivileged local deamons.
Samba however creates files as the "nobody" user when samba guests are allowed to create files (e.g. a public share).
Expected:
Samba gets configured to use an appropriate user id for guests that are able to create files. This may be a samba specific user, e.g. "guest user = smbguest" to show the origin of the file, together with "guest group = users (to which all local users should belong, bug #253103)". The latter enables all system users to access/modify/delete the files of smbguest also directly on the filesystem. |
The reserved system user "nobody" should never be the owner of files. This ensures that an access granted with the least privileged "nobody" user will never be able to access or even corrupt files on the system. The "nobody" user may not even be suited for granting public read access, if it is intended to just run unprivileged local deamons.
Samba however creates files as the "nobody" user when samba guests are allowed to create files (e.g. a public share).
Expected:
Samba gets configured to use an appropriate user id for guests that are able to create files. This may be a samba specific user, e.g. "guest user = smbguest" to show the origin of the file, together with "guest group = users (to which all local users should belong, bug #253103)". The latter enables all system users to access/modify/delete the files of smbguest also directly on the filesystem (without going through samba shares that may have been enabled only temporarily). |
|
| 2013-01-14 13:54:35 |
ceg |
summary |
samba maps guest user to reserved user "nobody" |
samba maps guest users to reserved user "nobody" |
|
| 2013-01-15 09:05:44 |
Yolanda Robla |
samba (Ubuntu): status |
New |
Confirmed |
|
| 2013-01-15 09:05:47 |
Yolanda Robla |
samba (Ubuntu): importance |
Undecided |
Medium |
|
