Bug 1028002

Summary: Home folder of Samba user is getting exposed through smb on fresh installs of rhs 2.1U1
Product: [Red Hat Storage] Red Hat Gluster Storage Reporter: Lalatendu Mohanty <lmohanty>
Component: sambaAssignee: Raghavendra Talur <rtalur>
Status: CLOSED ERRATA QA Contact: Lalatendu Mohanty <lmohanty>
Severity: urgent Docs Contact:
Priority: high    
Version: 2.1CC: grajaiya, sbhaloth, vagarwal
Target Milestone: ---Keywords: ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-11-27 15:46:49 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Lalatendu Mohanty 2013-11-07 13:49:39 UTC 
Description of problem:

On RHS2.1U1 (with samba-3.6.9-160.6.el6rhs.x86_64 version) , the home folder of the samba user (samba user is needed to mount the volume) automatically getting available through samba

I think this is caused because we have below entries in the default smb.conf

[homes]
        comment = Home Directories
        browseable = no
        writable = yes
;       valid users = %S
;       valid users = MYDOMAIN\%S
        

"testparm -s" also confirms the same

[root@rhsauto056 home]# testparm -s
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[gluster-dhtvol-1]"
Loaded services file OK.
WARNING: You have some share names that are longer than 12 characters.
These may not be accessible to some older clients.
(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
Server role: ROLE_STANDALONE
[global]
	workgroup = MYGROUP
	server string = Samba Server Version %v
	log file = /var/log/samba/log.%m
	max log size = 50
	load printers = No
	disable spoolss = Yes
	show add printer wizard = No
	stat cache = No
	kernel oplocks = No
	idmap config * : backend = tdb
	printing = bsd
	cups options = raw
	print command = lpr -r -P'%p' %s
	lpq command = lpq -P'%p'
	lprm command = lprm -P'%p' %j
	map archive = No
	map readonly = no
	store dos attributes = Yes

[homes]
	comment = Home Directories
	read only = No
	browseable = No

[printers]
	comment = All Printers
	path = /var/spool/samba
	printable = Yes
	print ok = Yes
	browseable = No

[gluster-dhtvol-1]
	comment = For samba share of volume dhtvol-1
	path = /
	read only = No
	guest ok = Yes
	vfs objects = glusterfs
	glusterfs:loglevel = 7
	glusterfs:logfile = /var/log/samba/glusterfs-dhtvol-1.log
	glusterfs:volume = dhtvol-1

Version-Release number of selected component (if applicable):
samba-3.6.9-160.6.el6rhs.x86_64

How reproducible:

Always

Steps to Reproduce:
1. Install latest ISO for rhs2.1 U1 . I used RHSS-2.1-20131101.n.0
2. Create gluster volume, start it. Start samba service
3. Add a samba user . 
   smbpasswd -s <smbuser>
3. see the avilable shares from the rhsnode in an Windows clients or on Linux client do "smbclient -L <rhsnode>" -U <sambauser>

Actual results:

Home folder of Samba is also available though smb 

Expected results:

From RHS point of view we should not be making the home folder of the user available through smb

Additional info:
Comment 2 Vivek Agarwal 2013-11-08 09:08:23 UTC 
The bug was introduced because of fix for BZ 1012711. The change involves commenting couple of lines in smb.conf.
It does not involve any code change
Comment 3 Lalatendu Mohanty 2013-11-08 09:13:41 UTC 
Verified with a fresh install of samba 3.6.9-160.7 packages. The home folder of samba user is not visible through samba. 

[root@rhsauto057 ~]# testparm -s
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[gluster-dht]"
Loaded services file OK.
Server role: ROLE_STANDALONE
[global]
	workgroup = MYGROUP
	server string = Samba Server Version %v
	log file = /var/log/samba/log.%m
	max log size = 50
	load printers = No
	disable spoolss = Yes
	show add printer wizard = No
	stat cache = No
	kernel oplocks = No
	idmap config * : backend = tdb
	printing = bsd
	cups options = raw
	print command = lpr -r -P'%p' %s
	lpq command = lpq -P'%p'
	lprm command = lprm -P'%p' %j
	map archive = No
	map readonly = no
	store dos attributes = Yes

[gluster-dht]
	comment = For samba share of volume dht
	path = /
	read only = No
	guest ok = Yes
	vfs objects = glusterfs
	glusterfs:loglevel = 7
	glusterfs:logfile = /var/log/samba/glusterfs-dht.log
	glusterfs:volume = dht


root@rhsauto057 ~]# rpm -qa | grep samba
samba-common-3.6.9-160.7.el6rhs.x86_64
samba-client-3.6.9-160.7.el6rhs.x86_64
samba-swat-3.6.9-160.7.el6rhs.x86_64
samba-winbind-clients-3.6.9-160.7.el6rhs.x86_64
samba-winbind-3.6.9-160.7.el6rhs.x86_64
samba-winbind-krb5-locator-3.6.9-160.7.el6rhs.x86_64
samba-doc-3.6.9-160.7.el6rhs.x86_64
samba-winbind-devel-3.6.9-160.7.el6rhs.x86_64
samba-glusterfs-3.6.9-160.7.el6rhs.x86_64
samba4-libs-4.0.0-55.el6.rc4.x86_64
samba-3.6.9-160.7.el6rhs.x86_64
samba-domainjoin-gui-3.6.9-160.7.el6rhs.x86_64
Comment 5 errata-xmlrpc 2013-11-27 15:46:49 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1769.html