Comment 4 for bug 32067

Adam Conrad (adconrad) wrote : Re: the security parameter must be set to share, not user, in smb.conf

It's certainly not the "only way." In the default setup, if you just invoke "smbpasswd -a [yourusername]" as root (i.e., with sudo or from a root shell), you can connect to samba just fine as your user.

I'm trying to dig up the upstream docs on why security=share was considered a bad idea originally, but the one that pops up off the top of my head is that with security=share, you end up with Samba (running as root) randomly trying the passwords you provide it against a guessed list of UNIX account names, which means samba can open up your box to rapid-fire dictionary attacks.

The other thing (not security related, of course) to mention is that samba in pretty much any installation except for this specific task (GNOME user wanting to share files easily) would almost always be secured with security=user (or some domain scheme), as it allows more fine-grained controls.

The fact that I've never run a Samba server with security=share, but have always run Samba servers specifically for Windows clients to connect to them, makes it fairly obvious that "security=share" isn't required to share files with Windows, however.