Samba Security issues
Recently setup a linux desktop box. Wanted to have my windows shares mounted automatically, so I added them to fstab set options so user could mount them into his home directory. No problem there.
I had set the mount options with uid=person,gid=users. And I was curious if a second user logged in could access these shares mounted in the users home directory. And they could just as though they were the person that supplied credentials for said shares. Because the mount points essentially take on the permissions of the share which allow "users" access. Fine, I found options "dmask" and "fmask" which allow me to control the mount permissions and lock the second user out.
Now one of the shares I'm connecting to is a share several access, and on the server has permissions setup so only those in certain user groups can access certain folders. On my local mount point for this share due to the way I have it mounted all files appear to be owned by me.users. Which I figure is not a big deal because I'm assuming the server will follow its own permissions setup and not allow me to access files I do not have permissions for on the server.
But just to make sure this is the case, I remove myself from a group that allowed access to a particular folder. Using windows, I attempt to browse the folder and rightly receive "operation not permitted". However via my linux desktop I am able to not only browse the folder but create/modify/delete files.
To clarify this I have a windows and a linux box both with the same server share mounted. Permissions were changed on server so that I no longer had access to a particular folder. Windows box rightfully denies access, but the linux box seems to be following its own local permissions which I set via fstab mount, and allowing me to read/write/execute files on a folder I should not have permissions for.
To go a step further, on the server I logged in as root, created a file wholly owned and only allowed access by root. And still I was able to delete this file from my linux desktop box.
What the heck is going on here? It seems as though samba is entirely unsecure versus a user using linux with valid credentials. Why is the server letting the user set and follow his own permissions?!?!
Its letting me do things from this linux box that I can't do from a windows machine, or the local server console with my login.
|