1028002 – Home folder of Samba user is getting exposed through smb on fresh installs of rhs 2.1U1

Bug 1028002 - Home folder of Samba user is getting exposed through smb on fresh installs of rhs 2.1U1

Summary: Home folder of Samba user is getting exposed through smb on fresh installs of...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Gluster Storage
Classification:	Red Hat Storage
Component:	samba
Sub Component:
Version:	2.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	urgent
Target Milestone:	---
Target Release:	---
Assignee:	Raghavendra Talur
QA Contact:	Lalatendu Mohanty
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-11-07 13:49 UTC by Lalatendu Mohanty
Modified:	2013-11-27 15:46 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-11-27 15:46:49 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2013:1769	0	normal	SHIPPED_LIVE	Red Hat Storage 2.1 enhancement and bug fix update #1	2013-11-27 20:17:39 UTC

Description Lalatendu Mohanty 2013-11-07 13:49:39 UTC

Description of problem:

On RHS2.1U1 (with samba-3.6.9-160.6.el6rhs.x86_64 version) , the home folder of the samba user (samba user is needed to mount the volume) automatically getting available through samba

I think this is caused because we have below entries in the default smb.conf

[homes]
        comment = Home Directories
        browseable = no
        writable = yes
;       valid users = %S
;       valid users = MYDOMAIN\%S
        

"testparm -s" also confirms the same

[root@rhsauto056 home]# testparm -s
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[gluster-dhtvol-1]"
Loaded services file OK.
WARNING: You have some share names that are longer than 12 characters.
These may not be accessible to some older clients.
(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
Server role: ROLE_STANDALONE
[global]
	workgroup = MYGROUP
	server string = Samba Server Version %v
	log file = /var/log/samba/log.%m
	max log size = 50
	load printers = No
	disable spoolss = Yes
	show add printer wizard = No
	stat cache = No
	kernel oplocks = No
	idmap config * : backend = tdb
	printing = bsd
	cups options = raw
	print command = lpr -r -P'%p' %s
	lpq command = lpq -P'%p'
	lprm command = lprm -P'%p' %j
	map archive = No
	map readonly = no
	store dos attributes = Yes

[homes]
	comment = Home Directories
	read only = No
	browseable = No

[printers]
	comment = All Printers
	path = /var/spool/samba
	printable = Yes
	print ok = Yes
	browseable = No

[gluster-dhtvol-1]
	comment = For samba share of volume dhtvol-1
	path = /
	read only = No
	guest ok = Yes
	vfs objects = glusterfs
	glusterfs:loglevel = 7
	glusterfs:logfile = /var/log/samba/glusterfs-dhtvol-1.log
	glusterfs:volume = dhtvol-1

Version-Release number of selected component (if applicable):
samba-3.6.9-160.6.el6rhs.x86_64

How reproducible:

Always

Steps to Reproduce:
1. Install latest ISO for rhs2.1 U1 . I used RHSS-2.1-20131101.n.0
2. Create gluster volume, start it. Start samba service
3. Add a samba user . 
   smbpasswd -s <smbuser>
3. see the avilable shares from the rhsnode in an Windows clients or on Linux client do "smbclient -L <rhsnode>" -U <sambauser>

Actual results:

Home folder of Samba is also available though smb 

Expected results:

From RHS point of view we should not be making the home folder of the user available through smb

Additional info:

Comment 2 Vivek Agarwal 2013-11-08 09:08:23 UTC

The bug was introduced because of fix for BZ 1012711. The change involves commenting couple of lines in smb.conf.
It does not involve any code change

Comment 3 Lalatendu Mohanty 2013-11-08 09:13:41 UTC

Verified with a fresh install of samba 3.6.9-160.7 packages. The home folder of samba user is not visible through samba. 

[root@rhsauto057 ~]# testparm -s
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[gluster-dht]"
Loaded services file OK.
Server role: ROLE_STANDALONE
[global]
	workgroup = MYGROUP
	server string = Samba Server Version %v
	log file = /var/log/samba/log.%m
	max log size = 50
	load printers = No
	disable spoolss = Yes
	show add printer wizard = No
	stat cache = No
	kernel oplocks = No
	idmap config * : backend = tdb
	printing = bsd
	cups options = raw
	print command = lpr -r -P'%p' %s
	lpq command = lpq -P'%p'
	lprm command = lprm -P'%p' %j
	map archive = No
	map readonly = no
	store dos attributes = Yes

[gluster-dht]
	comment = For samba share of volume dht
	path = /
	read only = No
	guest ok = Yes
	vfs objects = glusterfs
	glusterfs:loglevel = 7
	glusterfs:logfile = /var/log/samba/glusterfs-dht.log
	glusterfs:volume = dht


root@rhsauto057 ~]# rpm -qa | grep samba
samba-common-3.6.9-160.7.el6rhs.x86_64
samba-client-3.6.9-160.7.el6rhs.x86_64
samba-swat-3.6.9-160.7.el6rhs.x86_64
samba-winbind-clients-3.6.9-160.7.el6rhs.x86_64
samba-winbind-3.6.9-160.7.el6rhs.x86_64
samba-winbind-krb5-locator-3.6.9-160.7.el6rhs.x86_64
samba-doc-3.6.9-160.7.el6rhs.x86_64
samba-winbind-devel-3.6.9-160.7.el6rhs.x86_64
samba-glusterfs-3.6.9-160.7.el6rhs.x86_64
samba4-libs-4.0.0-55.el6.rc4.x86_64
samba-3.6.9-160.7.el6rhs.x86_64
samba-domainjoin-gui-3.6.9-160.7.el6rhs.x86_64

Comment 5 errata-xmlrpc 2013-11-27 15:46:49 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1769.html

Note You need to log in before you can comment on or make changes to this bug.