craigwhite at azapple.com
Tue Apr 4 19:38:55 UTC 2006
On Tue, 2006-04-04 at 20:08 +0100, Anne Wilson wrote:
> On Tuesday 04 April 2006 19:50, Todd Zullinger wrote:
> > I have an FC4 system here. And there surely is the section that Craig
> > quoted in the smb.conf manpage. It is also referenced in the samba
> > manpage (3 times, actually).
> You are absolutely correct, and I apologise for the misunderstanding. I have
> only ever seen the samba man page before. There are a host of smb-whatever
> man pages that I had completely missed. I did mean what I said about wanting
> to see the document, so I shall be reading at least some of those.
> The point in question, though was that two people want/need a very simple
> setup. I'm not suggesting that what Craig outlined would not work, but it is
> probably not the simplest way for them to have a secure system. The part
> that I quoted from JT's book goes on to detail the smb.conf for that
> situation. He has just 7 lines in the global section for a 'share' system,
> but then uses force-user and force-group to give some security.
here's my issue - that I see OP asking a question and the answer is
wrong and doesn't even comport to man page - obviously your answer
didn't comport to man page because you couldn't find the right man page.
In fact your answer was to tell him to use 'security = user' accompanied
by an awkward explanation which didn't begin to solve his problem.
force user and force group are apparently valid options for
'security = share' and probably a likely candidate for a a really simple
minded 'guest/public' setup.
I don't use 'security = share' and never have. I am sort of vague on
it's usage and I know that some of the samba developers would like to
remove it entirely because of the confusion it causes and has been the
topic on many occasions on samba list. Nonetheless, the section that I
quoted from smb.conf is definitive and relevant.
> In the past, when the windows machines on my lan were win98 boxes the users
> always felt to be logging in transparently, because they were passing their
> windows login, and could not do anything else. Since W2K, of course, all
> that has changed, but it's no hardship to log in once for a session, and I
> believe that it is a simpler way to have a semblance of security.
> As always, YMMV
once again, you have given confusing if not inaccurate. If the user and
password and workgroup are the same, a Win98 and a Win2K connection to a
'security = user' samba would be handled in the same manner so I fail to
see what you mean by 'all that has changed'
One of the differences between 'security = user' and 'security = share'
is that a Windows client can access different shares with different
passwords in 'security = share' but not with 'security = user'
More information about the users