Add some more common errors

[sfrench/samba-autobuild/.git] / docs / docbook / projdoc / securing-samba.xml

diff --git a/docs/docbook/projdoc/securing-samba.xml b/docs/docbook/projdoc/securing-samba.xml
index 100426039425badc3e2094cb6fdc2be5e4d4d0b6..b137a05ec9cd13daecea2ba7db9f90b46dd6b0a0 100644 (file)
--- a/docs/docbook/projdoc/securing-samba.xml
+++ b/docs/docbook/projdoc/securing-samba.xml
@@ -304,5 +304,66 @@ out to be a security problem request are totally convinced that the problem is w
 
        </sect2>
 
+       <sect2>
+       <title>Why can users access home directories of other users?</title>
+
+       <para>
+       <quote>
+       We are unable to keep individual users from mapping to any other user's
+       home directory once they have supplied a valid password! They only need
+       to enter their own password. I have not found *any* method that I can
+       use to configure samba to enforce that only a user may map their own
+       home directory.
+       </quote>
+       </para>
+
+       <para><quote>
+       User xyzzy can map his home directory. Once mapped user xyzzy can also map
+       *anyone* elses home directory!
+       </quote></para>
+
+       <para>
+       This is not a security flaw, it is by design. Samba allows
+       users to have *exactly* the same access to the UNIX filesystem
+       as they would if they were logged onto the UNIX box, except
+       that it only allows such views onto the file system as are
+       allowed by the defined shares.
+       </para>
+
+       <para>
+       This means that if your UNIX home directories are set up
+       such that one user can happily cd into another users
+       directory and do an ls, the UNIX security solution is to
+       change the UNIX file permissions on the users home directories
+       such that the cd and ls would be denied.
+       </para>
+
+       <para>
+       Samba tries very hard not to second guess the UNIX administrators
+       security policies, and trusts the UNIX admin to set
+       the policies and permissions he or she desires.
+       </para>
+
+       <para>
+       Samba does allow the setup you require when you have set the
+       <parameter>only user = yes</parameter> option on the share, is that you have not set the
+       valid users list for the share.
+       </para>
+
+       <para>
+       Note that only user works in conjunction with the users= list,
+       so to get the behavior you require, add the line :
+       <programlisting>
+       users = %S
+       </programlisting>
+       this is equivalent to:
+       <programlisting>
+       valid users = %S
+       </programlisting>
+       to the definition of the <parameter>[homes]</parameter> share, as recommended in
+       the &smb.conf; man page.
+       </para>
+       </sect2>
+
 </sect1>
 </chapter>