diff options
Diffstat (limited to 'docs/textdocs')
-rw-r--r-- | docs/textdocs/HINTS.txt | 111 | ||||
-rw-r--r-- | docs/textdocs/UNIX_SECURITY.txt | 54 |
2 files changed, 0 insertions, 165 deletions
diff --git a/docs/textdocs/HINTS.txt b/docs/textdocs/HINTS.txt deleted file mode 100644 index 7af39adc9fa..00000000000 --- a/docs/textdocs/HINTS.txt +++ /dev/null @@ -1,111 +0,0 @@ -Contributor: Many -Updated: October 2002 - -Subject: A collection of hints -Status: May be useful information but NOT current -=============================================================================== - -Here are some random hints that you may find useful. These really -should be incorporated in the main docs someday. - - ----------------------- -HINT: Always test your smb.conf with testparm before using it - -If your smb.conf file is invalid then samba will fail to load. Run -testparm over it before you install it just to make sure there aren't -any basic syntax or logical errors. - - ----------------------- -HINT: Try printing with smbclient first - -If you have problems printing, test with smbclient first. Just connect using -"smbclient '\\server\printer' -P" and use the "print" command. - -Once this works, you know that Samba is setup correctly for printing, -and you should be able to get it to work from your PCs. - -This particularly helps in getting the "print command" right. - - ----------------------- -HINT: Mount cdroms with conv=binary - -Some OSes (notably Linux) default to auto detection of file type on -cdroms and do cr/lf translation. This is a very bad idea when use with -Samba. It causes all sorts of stuff ups. - -To overcome this problem use conv=binary when mounting the cdrom -before exporting it with Samba. - - ----------------------- -HINT: Convert between unix and dos text formats - -Jim barry has written an excellent drag-and-drop cr/lf converter for -windows. Just drag your file onto the icon and it converts the file. - -Get it from -ftp://samba.org/pub/samba/contributed/fixcrlf.zip - -The utilities unix2dos and dos2unix(in the mtools package) should do -the job under unix. - ----------------------- -HINT: Use the "username map" option - -If the usernames used on your PCs don't match those used on the unix -server then you will find the "username map" option useful. - ------------------------ -HINT: Use "security = user" in [global] - -If you have the same usernames on the unix box and the PCs or have -mapped them with the "username map" option then choose "security = -user" in the [global] section of smb.conf. - -This will mean your password is checked only when you first connect, -and subsequent connections to printers, disks etc will go more -smoothly and much faster. - -The main problem with "security = user" if you use WfWg is that you -will ONLY be able to connect as the username that you log into WfWg -with. This is because WfWg silently ignores the password field in the -connect drive dialog box if the server is in user security mode. - ------------------------- -HINT: Make your printers not "guest ok" - -If your printers are not "guest ok" and you are using "security = -user" and have matching unix and PC usernames then you will attach to -the printer without trouble as your own username. This will mean you -will be able to delete print jobs (in 1.8.06 and above) and printer -accounting will be possible. - - ------------------------ -HINT: Use a sensible "guest" account - -Even if all your services are not available to "guest" you will need a -guest account. This is because the browsing is done as guest. In many -cases setting "guest account = ftp" will do the trick. Using the -default guest account or "guest account = nobody" will give problems on -many unixes. If in doubt create another account with minimal -privilages and use it instead. Your users don't need to know the -password of the guest account. - - ----------------------- -HINT: Using MS Access - -Here are some notes on running MS-Access on a Samba drive from Stefan -Kjellberg <stefank@esi.com.au> - -1. Opening a database in 'exclusive' mode does NOT work. Samba ignores - r/w/share modes on file open. - -2. Make sure that you open the database as 'shared' and to 'lock modified - records' - -3. Of course locking must be enabled for the particular share (smb.conf) diff --git a/docs/textdocs/UNIX_SECURITY.txt b/docs/textdocs/UNIX_SECURITY.txt deleted file mode 100644 index 38705f018ac..00000000000 --- a/docs/textdocs/UNIX_SECURITY.txt +++ /dev/null @@ -1,54 +0,0 @@ -Contributor: John H Terpstra <jht@samba.org> -Date: July 5, 1998 -Status: Current - -Subject: SETTING UNIX FILE SYSTEM SECURITY -=============================================================================== -The following excerpt from a bug report demonstrates the need to -understand Unix file system security and to manage it correctly. - -Quote: -====== -> We are unable to keep individual users from mapping to any other user's -> home directory once they have supplied a valid password! They only need -> to enter their own password. I have not found *any* method that I can -> use to configure samba to enforce that only a user may map their own -> home directory. -> -> User xyzzy can map his home directory. Once mapped user xyzzy can also map -> *anyone* elses home directory! - -ANSWER: -======= -This is not a security flaw, it is by design. Samba allows -users to have *exactly* the same access to the UNIX filesystem -as they would if they were logged onto the UNIX box, except -that it only allows such views onto the file system as are -allowed by the defined shares. - -This means that if your UNIX home directories are set up -such that one user can happily cd into another users -directory and do an ls, the UNIX security solution is to -change the UNIX file permissions on the users home directories -such that the cd and ls would be denied. - -Samba tries very hard not to second guess the UNIX administrators -security policies, and trusts the UNIX admin to set -the policies and permissions he or she desires. - -Samba does allow the setup you require when you have set the -"only user = yes" option on the share, is that you have not set the -valid users list for the share. - -Note that only user works in conjunction with the users= list, -so to get the behavior you require, add the line : - -users = %S - -this is equivalent to: - -valid users = %S - -to the definition of the [homes] share, as recommended in -the smb.conf man page. - |