Comment 68 for bug 32067
Revision history for this message
| Giovanni Bajo (giovannibajo) wrote Re: [Bug 32067] Re: the security parameter must be set to share, not user, in smb.conf - Smb/Gnome sharing broken | #68 |
On Feb 1, 2008 8:41 AM, Soren Hansen <email address hidden> wrote:
> On Thu, Jan 31, 2008 at 10:18:10PM -0000, Giovanni Bajo wrote:
> > This is not the correct solution for this problem. If you ask a
> > Windows user (like you are saying that we should),
>
> That's not what I said at all. Quit putting words in my mouth.
>
> I said that if you asked a new Ubuntu user: "So, dude, do you think we
> should put security=share in your smb.conf?", he'll have no clue what
> you're talking about. Hence, it's completely mistaken to say that "new
> users expect that their smb.conf says security=share". No, they don't.
> They expect to be able to share their files.
>
Nobody claimed that users have a specifical technical preference about a
single setting in smb.conf. Ralf (at least in my reading) simply claimed
that there is nothing in the *effects* you obtain by setting security=share
that does not match users' expectations. I will be pleased if you could tell
us what are the unexpected effects of such a configuration, because surely I
don't know samba well enough to understand.
> he will reply that when he shares a directory on Windows, then no
> > usernames or passwords are required to access the shared resource *by
> > default*.
>
> I find Windows' security model quite uninteresting.
I'm not discussing a security model. I'm presenting an usability story that
I feel is particularly important. I think Windows succeeds in giving the
correct usability to users in this regard (and I am not claiming that it is
doing in a way that is sensible from a security point of view -- and I
really don't care right now about this).
> Moreover, the user is shown a simple screen where he can then select
> > whether to share read-only or read-write.
>
> Yes. How is that different from nautilus-share?
>
> http://
> share/mediawiki
Yes, that is exactly the same.
<http://
> And setting security=share achieves exactly this. It might not be the
> > only solution, but it works.
>
> "If you don't want to forget your password for your home banking system,
> you can just write in on a Post-It and stick it on your monitor. It's
> not the only solution, but it works." I'm sorry, but I'm not going to
> solve a problem in a way that creates 27 other problems. You may have
> the privilege of being able to ignore those 27 other problems. I'm not.
> We take security *and* usability seriously.
I'm happy about this, and I am happy if you say "look, there is this other
solution which achieves the same usability but it is much more secure". I am
failing to see any alternative proposal at this point (and I'm failing to
see why security=share is unsecure as I said before, but that is due my
ignorance).
--
Giovanni Bajo