Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 28 Jul 1999 14:24:56 +0300
From:      "Andy V. Oleynik" <andyo@prime.net.ua>
To:        Ryan Thompson <freebsd@sasknow.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Samba security questions
Message-ID:  <379EE887.277B4E7@prime.net.ua>
References:  <Pine.BSF.4.10.9907280322410.591-100000@sasknow.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Ryan Thompson wrote:

> Hi everybody
>
> I just threw Samba on to my server machine here in order to allow my
> Windows client machine on the LAN to have write access to my web root.
>
> I had no success with user or server access settings in smb.conf, but the
> share setting seems to do what I intend.  However, I can't seem to get
> FreeBSD to run the connection daemon as any other user but nobody.
> Meaning, files in the web root owned by another user (such as root or my
> user account) are read-only.  I do NOT think it would be wise to chmod 777
> all the files in my Apache server root :-)  Instead, I've done a chown
> nobody and left the access permissions alone.

Bad idea.

>
>
> This has allowed me read/write access from my NT machine (which is what I
> was after in the first place)... And the NT machine is the only host
> allowed any access to Samba whatsoever, (besides localhost).  My LAN
> security is not an issue.
>
> My question... Is there any real or implied security risk inherent in
> having all www data owned by nobody, as far as Apache is concerned?
>

web tree must be owned by root but the few subtrees which can be owned by
real users on ur host to allow them update their pages if latter are placed
in web tree.

>
> If so, there must be a better way to do what I'm after.
>
> Virtually yours,
> Ryan Thompson
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

--
WBW  Andy V. Oleynik            (When U work in virtual office
prime.net.ua's                   U have good chance to obtain
system administrator             virtual money ö%-)
+380442448363





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?379EE887.277B4E7>