> My concern is that "map to guest" not only affects user shares but > also regular shares.
Let's see. This may mostly only be the case with the "map to guest = bad user" option. (Because "usershare allow guests = yes" is usershare specific.) What happens without the bad user mapping? Clients have problems to connect, even if a share is explicitly set to be public. The bad user mapping seems needed to make public shares work effectively in all setups I know. (Of course no no public shares are set up by default.) Map to guest should introduce no new risk vector, because clients could always just try the nobody account directly. > Do we really want to change upstream defaults for our default installs > to make it easier to enable a functionality that makes sense mostly > for desktop users? Many server setups may not use local user accounts at all. Nevertheless, it should be safer to run processes and shares under a restricted user account than with root permissions. Also note that, in order for a local user to be able to create a share at all, the user must first be added to the "sambashare" group. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org