Re: assorted comments (was fedora-list Digest, Vol 36, Issue 69)

From: "Mikkel L. Ellertson" <mikkel@xxxxxxxxxxxxxxxx>
Date: Tue, 06 Feb 2007 14:48:58 -0600

Andrada Meda Felegean wrote:

The old server which i want to replace, runs on RedHat8 and these
settings work. I have put WinMentor databases in /usr/mentor with no
problem and i have also set guest account = root in the smb.conf file
and it`s all working...

However,on Fedora6, ls -l /usr looks like this:
[root@CIEmentor ~]# ls -l /usr
total 180
drwxr-xr-x 2 root root 36864 Feb 6 14:42 bin
drwxr-xr-x 2 root root 4096 Oct 11 01:06 etc
drwxr-xr-x 27 root root 4096 Feb 6 13:40 include
drwxr-xr-x 6 root root 4096 Sep 6 23:41 kerberos
drwxr-xr-x 79 root root 28672 Feb 6 14:42 lib
drwxr-xr-x 8 root root 4096 Feb 6 14:42 libexec
drwxr-xr-x 11 root root 4096 Feb 6 13:33 local
drwxrwxrwx 3 root root 4096 Jan 30 11:13 mentor
drwxr-xr-x 2 root root 20480 Feb 6 14:42 sbin
drwxr-xr-x 128 root root 4096 Feb 6 13:41 share
drwxr-xr-x 2 root root 4096 Oct 11 01:06 src
lrwxrwxrwx 1 root root 10 Feb 6 13:33 tmp -> ../var/tmp
drwxr-xr-x 3 root root 4096 Feb 6 13:34 X11R6

First of all, do not reply to the digest message, and include the
entire message when you want to ask a question. Start a new message
to the list. You should also pick a subject that describes your
problem/question. I am not sure if this post is a reply to
something, or a question, and if it is a question, just what you are
asking.

Setting the guest account to root is a BIG security risk. The guest
account is the one used for connections without a valid
username/password. By mapping this to root, you have given almost
anyone the ability to delete all the files on your Samba shares,
unless there is another restriction on the share. It is much better
to map the guest account to a normal user account set up for that.
Or leave it mapped to nobody. A better way would be to have mentor
owned by a specific user, and use the force user option on that
share to make all access by that user.

I would also consider moving mentor from the /usr tree. Depending on
how the system is partitioned, it may be better in the /var, /misc,
/opt, or /home tree, or directly off the root directory.

Mikkel
--

Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

References:
- Re: fedora-list Digest, Vol 36, Issue 69
  - From: Andrada Meda Felegean

Prev by Date: Re: Howto update patches without Internet connection
Next by Date: Re: GM & MS
Previous by thread: Re: fedora-list Digest, Vol 36, Issue 69
Next by thread: Howto update patches without Internet connection
Index(es):
- Date
- Thread

Relevant Pages

Re: How do I share a drive
... The root of every drive is automatically shared as the drive letter followed ... Access it using the UNC path. ... > sharing installed and enabled on your network adapter in Control ... Enabling the guest account is not recommended unless ...
(microsoft.public.win2000.networking)
Re: Applescript vulnerability
... his machine *despite* the fact that root logins are disabled. ... condition was not a viable defense. ... You can get to the root account thus: ... The Guest account is there to give physical ...
(comp.sys.mac.system)