</listitem>
</itemizedlist>
+</sect1>
+
+<sect1>
+<title>Microsoft Access database opening errors</title>
+
+<para>
+Here are some notes on running MS-Access on a Samba drive from <ulink url="stefank@esi.com.au">Stefan Kjellberg</ulink>
+</para>
+
+<para><simplelist>
+<member>Opening a database in 'exclusive' mode does NOT work. Samba ignores r/w/share modes on file open.</member>
+<member>Make sure that you open the database as 'shared' and to 'lock modified records'</member>
+<member>Of course locking must be enabled for the particular share (smb.conf)</member>
+</simplelist>
+</para>
+
</sect1>
</chapter>
</sect1>
+<sect1>
+<title>The data on the CD-Drive I've shared seems to be corrupted!</title>
+
+<para>
+Some OSes (notably Linux) default to auto detection of file type on
+cdroms and do cr/lf translation. This is a very bad idea when use with
+Samba. It causes all sorts of stuff ups.
+</para>
+
+<para>
+To overcome this problem use conv=binary when mounting the cdrom
+before exporting it with Samba.
+</para>
+
+</sect1>
+
+<sect1>
+<title>Why can users access home directories of other users?</title>
+
+<para>
+<quote>
+We are unable to keep individual users from mapping to any other user's
+home directory once they have supplied a valid password! They only need
+to enter their own password. I have not found *any* method that I can
+use to configure samba to enforce that only a user may map their own
+home directory.
+</quote>
+</para>
+
+<para><quote>
+User xyzzy can map his home directory. Once mapped user xyzzy can also map
+*anyone* elses home directory!
+</quote></para>
+
+<para>
+This is not a security flaw, it is by design. Samba allows
+users to have *exactly* the same access to the UNIX filesystem
+as they would if they were logged onto the UNIX box, except
+that it only allows such views onto the file system as are
+allowed by the defined shares.
+</para>
+
+<para>
+This means that if your UNIX home directories are set up
+such that one user can happily cd into another users
+directory and do an ls, the UNIX security solution is to
+change the UNIX file permissions on the users home directories
+such that the cd and ls would be denied.
+</para>
+
+<para>
+Samba tries very hard not to second guess the UNIX administrators
+security policies, and trusts the UNIX admin to set
+the policies and permissions he or she desires.
+</para>
+
+<para>
+Samba does allow the setup you require when you have set the
+"only user = yes" option on the share, is that you have not set the
+valid users list for the share.
+</para>
+
+<para>
+Note that only user works in conjunction with the users= list,
+so to get the behavior you require, add the line :
+<programlisting>
+users = %S
+</programlisting>
+this is equivalent to:
+<programlisting>
+valid users = %S
+</programlisting>
+to the definition of the [homes] share, as recommended in
+the smb.conf man page.
+</para>
+
+</sect1>
</chapter>
></LI
></UL
></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN190"
+></A
+>3.3. Microsoft Access database opening errors</H1
+><P
+>Here are some notes on running MS-Access on a Samba drive from <A
+HREF="stefank@esi.com.au"
+TARGET="_top"
+>Stefan Kjellberg</A
+></P
+><P
+><P
+></P
+><TABLE
+BORDER="0"
+><TBODY
+><TR
+><TD
+>Opening a database in 'exclusive' mode does NOT work. Samba ignores r/w/share modes on file open.</TD
+></TR
+><TR
+><TD
+>Make sure that you open the database as 'shared' and to 'lock modified records'</TD
+></TR
+><TR
+><TD
+>Of course locking must be enabled for the particular share (smb.conf)</TD
+></TR
+></TBODY
+></TABLE
+><P
+></P
+></P
+></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><H1
CLASS="SECT1"
><A
-NAME="AEN192"
+NAME="AEN201"
></A
>4.1. Not listening for calling name</H1
><P
><H1
CLASS="SECT1"
><A
-NAME="AEN199"
+NAME="AEN208"
></A
>4.2. System Error 1240</H1
><P
><H1
CLASS="SECT1"
><A
-NAME="AEN206"
+NAME="AEN215"
></A
>4.3. smbclient ignores -N !</H1
><P
to null, and this is not accepted as an anonymous login for most
SMB servers.</P
></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN224"
+></A
+>4.4. The data on the CD-Drive I've shared seems to be corrupted!</H1
+><P
+>Some OSes (notably Linux) default to auto detection of file type on
+cdroms and do cr/lf translation. This is a very bad idea when use with
+Samba. It causes all sorts of stuff ups.</P
+><P
+>To overcome this problem use conv=binary when mounting the cdrom
+before exporting it with Samba.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN228"
+></A
+>4.5. Why can users access home directories of other users?</H1
+><P
+><SPAN
+CLASS="QUOTE"
+>"We are unable to keep individual users from mapping to any other user's
+home directory once they have supplied a valid password! They only need
+to enter their own password. I have not found *any* method that I can
+use to configure samba to enforce that only a user may map their own
+home directory."</SPAN
+></P
+><P
+><SPAN
+CLASS="QUOTE"
+>"User xyzzy can map his home directory. Once mapped user xyzzy can also map
+*anyone* elses home directory!"</SPAN
+></P
+><P
+>This is not a security flaw, it is by design. Samba allows
+users to have *exactly* the same access to the UNIX filesystem
+as they would if they were logged onto the UNIX box, except
+that it only allows such views onto the file system as are
+allowed by the defined shares.</P
+><P
+>This means that if your UNIX home directories are set up
+such that one user can happily cd into another users
+directory and do an ls, the UNIX security solution is to
+change the UNIX file permissions on the users home directories
+such that the cd and ls would be denied.</P
+><P
+>Samba tries very hard not to second guess the UNIX administrators
+security policies, and trusts the UNIX admin to set
+the policies and permissions he or she desires.</P
+><P
+>Samba does allow the setup you require when you have set the
+"only user = yes" option on the share, is that you have not set the
+valid users list for the share.</P
+><P
+>Note that only user works in conjunction with the users= list,
+so to get the behavior you require, add the line :
+<PRE
+CLASS="PROGRAMLISTING"
+>users = %S</PRE
+>
+this is equivalent to:
+<PRE
+CLASS="PROGRAMLISTING"
+>valid users = %S</PRE
+>
+to the definition of the [homes] share, as recommended in
+the smb.conf man page.</P
+></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
HREF="clientapp.html#AEN175"
>How to use a Samba share as an administrative share for MS Office, etc.</A
></DT
+><DT
+>3.3. <A
+HREF="clientapp.html#AEN190"
+>Microsoft Access database opening errors</A
+></DT
></DL
></DD
><DT
><DL
><DT
>4.1. <A
-HREF="errors.html#AEN192"
+HREF="errors.html#AEN201"
>Not listening for calling name</A
></DT
><DT
>4.2. <A
-HREF="errors.html#AEN199"
+HREF="errors.html#AEN208"
>System Error 1240</A
></DT
><DT
>4.3. <A
-HREF="errors.html#AEN206"
+HREF="errors.html#AEN215"
>smbclient ignores -N !</A
></DT
+><DT
+>4.4. <A
+HREF="errors.html#AEN224"
+>The data on the CD-Drive I've shared seems to be corrupted!</A
+></DT
+><DT
+>4.5. <A
+HREF="errors.html#AEN228"
+>Why can users access home directories of other users?</A
+></DT
></DL
></DD
><DT
><DL
><DT
>5.1. <A
-HREF="features.html#AEN217"
+HREF="features.html#AEN243"
>How can I prevent my samba server from being used to distribute the Nimda worm?</A
></DT
><DT
>5.2. <A
-HREF="features.html#AEN231"
+HREF="features.html#AEN257"
>How can I use samba as a fax server?</A
></DT
><DD
><DL
><DT
>5.2.1. <A
-HREF="features.html#AEN242"
+HREF="features.html#AEN268"
>Tools for printing faxes</A
></DT
><DT
>5.2.2. <A
-HREF="features.html#AEN252"
+HREF="features.html#AEN278"
>Making the fax-server</A
></DT
><DT
>5.2.3. <A
-HREF="features.html#AEN268"
+HREF="features.html#AEN294"
>Installing the client drivers</A
></DT
><DT
>5.2.4. <A
-HREF="features.html#AEN282"
+HREF="features.html#AEN308"
>Example smb.conf</A
></DT
></DL
></DD
><DT
>5.3. <A
-HREF="features.html#AEN286"
+HREF="features.html#AEN312"
>Samba doesn't work well together with DHCP!</A
></DT
><DT
>5.4. <A
-HREF="features.html#AEN299"
+HREF="features.html#AEN325"
>How can I assign NetBIOS names to clients with DHCP?</A
></DT
+><DT
+>5.5. <A
+HREF="features.html#AEN332"
+>How do I convert between unix and dos text formats?</A
+></DT
></DL
></DD
></DL
+++ /dev/null
-Contributor: Many
-Updated: October 2002
-
-Subject: A collection of hints
-Status: May be useful information but NOT current
-===============================================================================
-
-Here are some random hints that you may find useful. These really
-should be incorporated in the main docs someday.
-
-
-----------------------
-HINT: Always test your smb.conf with testparm before using it
-
-If your smb.conf file is invalid then samba will fail to load. Run
-testparm over it before you install it just to make sure there aren't
-any basic syntax or logical errors.
-
-
-----------------------
-HINT: Try printing with smbclient first
-
-If you have problems printing, test with smbclient first. Just connect using
-"smbclient '\\server\printer' -P" and use the "print" command.
-
-Once this works, you know that Samba is setup correctly for printing,
-and you should be able to get it to work from your PCs.
-
-This particularly helps in getting the "print command" right.
-
-
-----------------------
-HINT: Mount cdroms with conv=binary
-
-Some OSes (notably Linux) default to auto detection of file type on
-cdroms and do cr/lf translation. This is a very bad idea when use with
-Samba. It causes all sorts of stuff ups.
-
-To overcome this problem use conv=binary when mounting the cdrom
-before exporting it with Samba.
-
-
-----------------------
-HINT: Convert between unix and dos text formats
-
-Jim barry has written an excellent drag-and-drop cr/lf converter for
-windows. Just drag your file onto the icon and it converts the file.
-
-Get it from
-ftp://samba.org/pub/samba/contributed/fixcrlf.zip
-
-The utilities unix2dos and dos2unix(in the mtools package) should do
-the job under unix.
-
-----------------------
-HINT: Use the "username map" option
-
-If the usernames used on your PCs don't match those used on the unix
-server then you will find the "username map" option useful.
-
------------------------
-HINT: Use "security = user" in [global]
-
-If you have the same usernames on the unix box and the PCs or have
-mapped them with the "username map" option then choose "security =
-user" in the [global] section of smb.conf.
-
-This will mean your password is checked only when you first connect,
-and subsequent connections to printers, disks etc will go more
-smoothly and much faster.
-
-The main problem with "security = user" if you use WfWg is that you
-will ONLY be able to connect as the username that you log into WfWg
-with. This is because WfWg silently ignores the password field in the
-connect drive dialog box if the server is in user security mode.
-
-------------------------
-HINT: Make your printers not "guest ok"
-
-If your printers are not "guest ok" and you are using "security =
-user" and have matching unix and PC usernames then you will attach to
-the printer without trouble as your own username. This will mean you
-will be able to delete print jobs (in 1.8.06 and above) and printer
-accounting will be possible.
-
-
------------------------
-HINT: Use a sensible "guest" account
-
-Even if all your services are not available to "guest" you will need a
-guest account. This is because the browsing is done as guest. In many
-cases setting "guest account = ftp" will do the trick. Using the
-default guest account or "guest account = nobody" will give problems on
-many unixes. If in doubt create another account with minimal
-privilages and use it instead. Your users don't need to know the
-password of the guest account.
-
-
-----------------------
-HINT: Using MS Access
-
-Here are some notes on running MS-Access on a Samba drive from Stefan
-Kjellberg <stefank@esi.com.au>
-
-1. Opening a database in 'exclusive' mode does NOT work. Samba ignores
- r/w/share modes on file open.
-
-2. Make sure that you open the database as 'shared' and to 'lock modified
- records'
-
-3. Of course locking must be enabled for the particular share (smb.conf)
+++ /dev/null
-Contributor: John H Terpstra <jht@samba.org>
-Date: July 5, 1998
-Status: Current
-
-Subject: SETTING UNIX FILE SYSTEM SECURITY
-===============================================================================
-The following excerpt from a bug report demonstrates the need to
-understand Unix file system security and to manage it correctly.
-
-Quote:
-======
-> We are unable to keep individual users from mapping to any other user's
-> home directory once they have supplied a valid password! They only need
-> to enter their own password. I have not found *any* method that I can
-> use to configure samba to enforce that only a user may map their own
-> home directory.
->
-> User xyzzy can map his home directory. Once mapped user xyzzy can also map
-> *anyone* elses home directory!
-
-ANSWER:
-=======
-This is not a security flaw, it is by design. Samba allows
-users to have *exactly* the same access to the UNIX filesystem
-as they would if they were logged onto the UNIX box, except
-that it only allows such views onto the file system as are
-allowed by the defined shares.
-
-This means that if your UNIX home directories are set up
-such that one user can happily cd into another users
-directory and do an ls, the UNIX security solution is to
-change the UNIX file permissions on the users home directories
-such that the cd and ls would be denied.
-
-Samba tries very hard not to second guess the UNIX administrators
-security policies, and trusts the UNIX admin to set
-the policies and permissions he or she desires.
-
-Samba does allow the setup you require when you have set the
-"only user = yes" option on the share, is that you have not set the
-valid users list for the share.
-
-Note that only user works in conjunction with the users= list,
-so to get the behavior you require, add the line :
-
-users = %S
-
-this is equivalent to:
-
-valid users = %S
-
-to the definition of the [homes] share, as recommended in
-the smb.conf man page.
-
git.samba.org / sfrench / samba-autobuild / .git / commitdiff