Bug 1028002 - Home folder of Samba user is getting exposed through smb on fresh installs of rhs 2.1U1
Home folder of Samba user is getting exposed through smb on fresh installs of...
Status: CLOSED ERRATA
Product: Red Hat Gluster Storage
Classification: Red Hat
Component: samba (Show other bugs)
2.1
Unspecified Unspecified
high Severity urgent
: ---
: ---
Assigned To: Raghavendra Talur
Lalatendu Mohanty
: ZStream
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-11-07 08:49 EST by Lalatendu Mohanty
Modified: 2013-11-27 10:46 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-11-27 10:46:49 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Lalatendu Mohanty 2013-11-07 08:49:39 EST
Description of problem:

On RHS2.1U1 (with samba-3.6.9-160.6.el6rhs.x86_64 version) , the home folder of the samba user (samba user is needed to mount the volume) automatically getting available through samba

I think this is caused because we have below entries in the default smb.conf

[homes]
        comment = Home Directories
        browseable = no
        writable = yes
;       valid users = %S
;       valid users = MYDOMAIN\%S
        

"testparm -s" also confirms the same

[root@rhsauto056 home]# testparm -s
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[gluster-dhtvol-1]"
Loaded services file OK.
WARNING: You have some share names that are longer than 12 characters.
These may not be accessible to some older clients.
(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
Server role: ROLE_STANDALONE
[global]
	workgroup = MYGROUP
	server string = Samba Server Version %v
	log file = /var/log/samba/log.%m
	max log size = 50
	load printers = No
	disable spoolss = Yes
	show add printer wizard = No
	stat cache = No
	kernel oplocks = No
	idmap config * : backend = tdb
	printing = bsd
	cups options = raw
	print command = lpr -r -P'%p' %s
	lpq command = lpq -P'%p'
	lprm command = lprm -P'%p' %j
	map archive = No
	map readonly = no
	store dos attributes = Yes

[homes]
	comment = Home Directories
	read only = No
	browseable = No

[printers]
	comment = All Printers
	path = /var/spool/samba
	printable = Yes
	print ok = Yes
	browseable = No

[gluster-dhtvol-1]
	comment = For samba share of volume dhtvol-1
	path = /
	read only = No
	guest ok = Yes
	vfs objects = glusterfs
	glusterfs:loglevel = 7
	glusterfs:logfile = /var/log/samba/glusterfs-dhtvol-1.log
	glusterfs:volume = dhtvol-1

Version-Release number of selected component (if applicable):
samba-3.6.9-160.6.el6rhs.x86_64

How reproducible:

Always

Steps to Reproduce:
1. Install latest ISO for rhs2.1 U1 . I used RHSS-2.1-20131101.n.0
2. Create gluster volume, start it. Start samba service
3. Add a samba user . 
   smbpasswd -s <smbuser>
3. see the avilable shares from the rhsnode in an Windows clients or on Linux client do "smbclient -L <rhsnode>" -U <sambauser>

Actual results:

Home folder of Samba is also available though smb 

Expected results:

From RHS point of view we should not be making the home folder of the user available through smb

Additional info:
Comment 2 Vivek Agarwal 2013-11-08 04:08:23 EST
The bug was introduced because of fix for BZ 1012711. The change involves commenting couple of lines in smb.conf.
It does not involve any code change
Comment 3 Lalatendu Mohanty 2013-11-08 04:13:41 EST
Verified with a fresh install of samba 3.6.9-160.7 packages. The home folder of samba user is not visible through samba. 

[root@rhsauto057 ~]# testparm -s
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[gluster-dht]"
Loaded services file OK.
Server role: ROLE_STANDALONE
[global]
	workgroup = MYGROUP
	server string = Samba Server Version %v
	log file = /var/log/samba/log.%m
	max log size = 50
	load printers = No
	disable spoolss = Yes
	show add printer wizard = No
	stat cache = No
	kernel oplocks = No
	idmap config * : backend = tdb
	printing = bsd
	cups options = raw
	print command = lpr -r -P'%p' %s
	lpq command = lpq -P'%p'
	lprm command = lprm -P'%p' %j
	map archive = No
	map readonly = no
	store dos attributes = Yes

[gluster-dht]
	comment = For samba share of volume dht
	path = /
	read only = No
	guest ok = Yes
	vfs objects = glusterfs
	glusterfs:loglevel = 7
	glusterfs:logfile = /var/log/samba/glusterfs-dht.log
	glusterfs:volume = dht


root@rhsauto057 ~]# rpm -qa | grep samba
samba-common-3.6.9-160.7.el6rhs.x86_64
samba-client-3.6.9-160.7.el6rhs.x86_64
samba-swat-3.6.9-160.7.el6rhs.x86_64
samba-winbind-clients-3.6.9-160.7.el6rhs.x86_64
samba-winbind-3.6.9-160.7.el6rhs.x86_64
samba-winbind-krb5-locator-3.6.9-160.7.el6rhs.x86_64
samba-doc-3.6.9-160.7.el6rhs.x86_64
samba-winbind-devel-3.6.9-160.7.el6rhs.x86_64
samba-glusterfs-3.6.9-160.7.el6rhs.x86_64
samba4-libs-4.0.0-55.el6.rc4.x86_64
samba-3.6.9-160.7.el6rhs.x86_64
samba-domainjoin-gui-3.6.9-160.7.el6rhs.x86_64
Comment 5 errata-xmlrpc 2013-11-27 10:46:49 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1769.html

Note You need to log in before you can comment on or make changes to this bug.