SAMBA will allow me to delete files belonging to root - SMB

This is a discussion on SAMBA will allow me to delete files belonging to root - SMB ; Alright, so the server's boot drive decided it was going to crap out. Now I've got everything reinstalled and have reconfigured SAMBA, and it works. BUT, when logged in as guest (the only login SAMBA allows) I can delete files ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: SAMBA will allow me to delete files belonging to root

  1. SAMBA will allow me to delete files belonging to root

    Alright, so the server's boot drive decided it was going to crap out.
    Now
    I've got everything reinstalled and have reconfigured SAMBA, and it
    works.
    BUT, when logged in as guest (the only login SAMBA allows) I can delete
    files belonging to ANYONE. That is, as long as a file is marked writable
    by user (even if it doesn't belong to the "nobody" user that the guest
    account uses), it can be deleted through SAMBA.

    Here's the config for the share:

    [pub2]
    comment = Public Data 2
    browseable = yes
    writable = yes
    guest only = yes
    guest ok = yes
    path = (withheld)

    FYI, I've made path belong to root with universal access. I've also made
    it belong to nobody (which is what the guest account uses) with user only
    write access. Both worked the same.

    I've tried stick bits to no avail, also.

    RedHat 7.2, Samba 2.2.1a

  2. Re: SAMBA will allow me to delete files belonging to root

    In article ,
    nospam@spamsucks.edu says...
    > Alright, so the server's boot drive decided it was going to crap out.
    > Now
    > I've got everything reinstalled and have reconfigured SAMBA, and it
    > works.
    > BUT, when logged in as guest (the only login SAMBA allows) I can delete
    > files belonging to ANYONE. That is, as long as a file is marked writable
    > by user (even if it doesn't belong to the "nobody" user that the guest
    > account uses), it can be deleted through SAMBA.
    >
    > Here's the config for the share:
    >
    > [pub2]
    > comment = Public Data 2
    > browseable = yes
    > writable = yes
    > guest only = yes
    > guest ok = yes
    > path = (withheld)

    First of all, when you ask for help, do not munch names, paths,
    addresses, IP's etc.
    >
    > FYI, I've made path belong to root with universal access. I've also made
    > it belong to nobody (which is what the guest account uses) with user only
    > write access. Both worked the same.
    >
    > I've tried stick bits to no avail, also.
    >
    > RedHat 7.2, Samba 2.2.1a
    >


    --
    Regards,
    Mark
    Samba Setup Guide
    www.samba.netfirms.com

    How To Ask Questions The Smart Way
    http://www.catb.org/~esr/faqs/smart-questions.html

  3. Re: SAMBA will allow me to delete files belonging to root


    "Alfred E. Neuman" wrote in message
    news:Xns93EF98E6B6D21nospamspamsucksorgNe@216.168. 3.44...
    > Alright, so the server's boot drive decided it was going to crap out.
    > Now
    > I've got everything reinstalled and have reconfigured SAMBA, and it
    > works.
    > BUT, when logged in as guest (the only login SAMBA allows) I can delete
    > files belonging to ANYONE. That is, as long as a file is marked writable
    > by user (even if it doesn't belong to the "nobody" user that the guest
    > account uses), it can be deleted through SAMBA.
    >
    > Here's the config for the share:
    >
    > [pub2]
    > comment = Public Data 2
    > browseable = yes
    > writable = yes
    > guest only = yes
    > guest ok = yes
    > path = (withheld)
    >


    Samba should only allow permissions of the guest (nobody) account and not
    give it any more than it normally has. I would look at who the guest account
    is mapped to (maybe guest = root ?). Just create a file on this share and
    have a look at the listing from a Linux console (ls -l). It will tell you
    the guest account is masquarading as.

    > FYI, I've made path belong to root with universal access. I've also made
    > it belong to nobody (which is what the guest account uses) with user only
    > write access. Both worked the same.
    >
    > I've tried stick bits to no avail, also.
    >
    > RedHat 7.2, Samba 2.2.1a




+ Reply to Thread