Re: assorted comments (was fedora-list Digest, Vol 36, Issue 69)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Andrada Meda Felegean wrote:
> 
> The old server which i want to replace, runs on RedHat8 and these
> settings work. I have put WinMentor databases in /usr/mentor with no
> problem and i have also set guest account = root in the smb.conf file
> and it`s all working...
> 
> However,on Fedora6,  ls -l /usr    looks like this:
> [root@CIEmentor ~]# ls -l /usr
> total 180
> drwxr-xr-x   2 root root 36864 Feb  6 14:42 bin
> drwxr-xr-x   2 root root  4096 Oct 11 01:06 etc
> drwxr-xr-x  27 root root  4096 Feb  6 13:40 include
> drwxr-xr-x   6 root root  4096 Sep  6 23:41 kerberos
> drwxr-xr-x  79 root root 28672 Feb  6 14:42 lib
> drwxr-xr-x   8 root root  4096 Feb  6 14:42 libexec
> drwxr-xr-x  11 root root  4096 Feb  6 13:33 local
> drwxrwxrwx   3 root root  4096 Jan 30 11:13 mentor
> drwxr-xr-x   2 root root 20480 Feb  6 14:42 sbin
> drwxr-xr-x 128 root root  4096 Feb  6 13:41 share
> drwxr-xr-x   2 root root  4096 Oct 11 01:06 src
> lrwxrwxrwx   1 root root    10 Feb  6 13:33 tmp -> ../var/tmp
> drwxr-xr-x   3 root root  4096 Feb  6 13:34 X11R6
> 
> 
First of all, do not reply to the digest message, and include the
entire message when you want to ask a question. Start a new message
to the list. You should also pick a subject that describes your
problem/question. I am not sure if this post is a reply to
something, or a question, and if it is a question, just what you are
asking.

Setting the guest account to root is a BIG security risk. The guest
account is the one used for connections without a valid
username/password. By mapping this to root, you have given almost
anyone the ability to delete all the files on your Samba shares,
unless there is another restriction on the share. It is much better
to map the guest account to a normal user account set up for that.
Or leave it mapped to nobody. A better way would be to have mentor
owned by a specific user, and use the force user option on that
share to make all access by that user.

I would also consider moving mentor from the /usr tree. Depending on
how the system is partitioned, it may be better in the /var, /misc,
/opt, or /home tree, or directly off the root directory.

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux