From owner-freebsd-questions Wed Jul 28 2:33:47 1999 Delivered-To: freebsd-questions@freebsd.org Received: from sasknow.com (h139-142-245-96.ss.FiberONE.NET [139.142.245.96]) by hub.freebsd.org (Postfix) with ESMTP id A4DEA14C4F for ; Wed, 28 Jul 1999 02:33:45 -0700 (PDT) (envelope-from freebsd@sasknow.com) Received: from localhost (freebsd@localhost) by sasknow.com (8.9.3/8.9.3) with ESMTP id DAA00619 for ; Wed, 28 Jul 1999 03:33:06 GMT (envelope-from freebsd@sasknow.com) Date: Wed, 28 Jul 1999 03:33:06 +0000 (GMT) From: Ryan Thompson To: freebsd-questions@freebsd.org Subject: Samba security questions Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hi everybody I just threw Samba on to my server machine here in order to allow my Windows client machine on the LAN to have write access to my web root. I had no success with user or server access settings in smb.conf, but the share setting seems to do what I intend. However, I can't seem to get FreeBSD to run the connection daemon as any other user but nobody. Meaning, files in the web root owned by another user (such as root or my user account) are read-only. I do NOT think it would be wise to chmod 777 all the files in my Apache server root :-) Instead, I've done a chown nobody and left the access permissions alone. This has allowed me read/write access from my NT machine (which is what I was after in the first place)... And the NT machine is the only host allowed any access to Samba whatsoever, (besides localhost). My LAN security is not an issue. My question... Is there any real or implied security risk inherent in having all www data owned by nobody, as far as Apache is concerned? If so, there must be a better way to do what I'm after. Virtually yours, Ryan Thompson To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message