T 2.65 Complexity of the SAMBA Configuration

SAMBA is a freeware software package for UNIX operating systems which, amongst other things, provides file, print and authentication services over the Server Message Block (SMB) and Common Internet File System (CIFS) protocols. The most important examples of SMB/CIFS clients are definitely the operating systems in the Microsoft Windows family. With SAMBA it is possible, for example, for Windows 9x or Windows NT computers to access shared files on a UNIX server directly. This obviates the need to take a detour over the FTP or NFS protocols or to install additional software on the client. In the current version, SAMBA simulates a whole range of Windows NT server functions so that in many cases it is possible to use a UNIX system with SAMBA in lieu of such a server.

On the server side, most of the SAMBA configuration settings are defined in the file smb.conf; in particular, the shared directories and printers are entered here together with various settings relating to authentication. A whole range of parameters are available for this purpose. These are set in the individual sections of file smb.conf. A given function of the SAMBA server is generally controlled via a combination of several parameters. Depending on the particular instance, the interaction of these parameters can be very complex, so that there is a danger that the Administrator could incorrectly interpret the effect of a particular parameter combination. In particular, there is a danger that if one parameter is modified this could have unnoticed side-effects that compromised the security of the server.

The problem described above is aggravated during configuration of directory and file permissions. Here it is necessary to consider not only the settings contained in file smb.conf, but also the access rights to the (UNIX) file system on which the directories and files are held. The actual rights which are valid for the user during access via SAMBA can be influenced by file smb.conf in two different ways. Firstly, it is possible to specify direct access restrictions for the individual shares of a SAMBA server (e.g. via the parameter valid users). Secondly, file smb.conf contains parameters (e.g. force user) by means of which it is possible to configure how directory- and file-based access restrictions affect a user's current access rights. It is easy to make a mistake in the configuration, with the result that users are given excessively wide access rights to directories and/or files.

Example:

The Administrator of a SAMBA server assigns directory- and file-based access rights to the local file system of the server. This entails setting appropriate permissions and ownerships for all the shared areas. However, file smb.conf contains the line

force user = root

. This means that the file system is accessed under the "root" user account, irrespective of which user has logged on to the server. The result is that virtually all the directory-and file-based access restrictions are ignored.