Re: [Samba] Re: Authentication Question; WAS: installing Samba as non-root user
On Wed, 2007-09-26 at 11:39 -0700, [EMAIL PROTECTED] wrote: It's amazing how indignant people get when they think someone hasn't done his homework. I've read the man pages in depth, and the official HOWTO. Unless I overlooked something, no where does it explain the authentication in the kind of detail that is necessary to understand if there's a way to have multiple users have proper access to their home directories when the daemon is not being run as root. You will not find this knowledge in the Samba material simply because it is basic unix architecture knowledge. In unix only root owned process (modulo SELinux) can change privileges. File access is controlled by the kernel and based on said privileges. So logical consequence is: 1. no root - no change in privileges - no access to files beyond existing privileges 2. root - impersonation (change in privileges) - access to files with provided privileges For the password part, I only say that authentication is not magic, it is just an exchange of information (usually involving encryption of some sort to protect said information) to establish a remote process is who it claim it is (or represent). If your app performs authentication, it is the only one that knows about it, and unless it has mighty powers (root) it can't force the rest of the system to believe it. Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Authentication Question; WAS: installing Samba as non-root user
Considering I am running this daemon as a non-root user, I am not sure how this works, or if it's even possible. I had another user map her home directory by tunneling to my server, and it worked, however she did not have write access to her home directory. I have added her as a Samba user, using smbpasswd. Again, it's not clear to me how the authentication is actually happening, Samba authentication and behavior are VERY well documented - RTFM. even if I were to be running the daemon as root. Since you can add a Samba user with smbpasswd with a password other than their Linux or Unix password, how is it truly authenticating the user? Not can add a Samba user with smbpasswd, *must* add a Samba user with smbpasswd. That password is used for authenticating users, and unless you are using some kind of mapping there must be a correspondingly named user available from NSS. All this is explained in the manual. In the case of running the daemon as root, are all actions done by root on behalf of the actual user? But it appears, per the smb.conf man page, that upon every Samba connection, a new daemon is spawned for the user of the client that established that connection. It would then seem that all share accesses are being made by the actual user, as it should be, rather than through root. A non-root Samba probably can't change it's own privileges or effective user id. This is one of the many reasons your configuration will not work. Samba must run as root or your going to have to jump through endless machinations. -- Adam Tauno Williams, Network Systems Administrator Consultant - http://www.whitemiceconsulting.com Developer - http://www.opengroupware.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Authentication Question; WAS: installing Samba as non-root user
See comments below. On 9/26/07, Adam Tauno Williams [EMAIL PROTECTED] wrote: Considering I am running this daemon as a non-root user, I am not sure how this works, or if it's even possible. I had another user map her home directory by tunneling to my server, and it worked, however she did not have write access to her home directory. I have added her as a Samba user, using smbpasswd. Again, it's not clear to me how the authentication is actually happening, Samba authentication and behavior are VERY well documented - RTFM. It's amazing how indignant people get when they think someone hasn't done his homework. I've read the man pages in depth, and the official HOWTO. Unless I overlooked something, no where does it explain the authentication in the kind of detail that is necessary to understand if there's a way to have multiple users have proper access to their home directories when the daemon is not being run as root. even if I were to be running the daemon as root. Since you can add a Samba user with smbpasswd with a password other than their Linux or Unix password, how is it truly authenticating the user? Not can add a Samba user with smbpasswd, *must* add a Samba user with smbpasswd. That password is used for authenticating users, and unless you are using some kind of mapping there must be a correspondingly named user available from NSS. All this is explained in the manual. Of course I know this. But I was simpling stating that the Samba password need not be the same as the Unix pasword (hence the use of the word can...with a password other than). This is VERY simple English - LTFL (learn the language). And even your statement is not true, as you can use unencrypted password authentication which will authenticate via traditional Unix /etc/passwd, bypassing the need of smbpasswd. All this is explained in the manual. In the case of running the daemon as root, are all actions done by root on behalf of the actual user? But it appears, per the smb.conf man page, that upon every Samba connection, a new daemon is spawned for the user of the client that established that connection. It would then seem that all share accesses are being made by the actual user, as it should be, rather than through root. A non-root Samba probably can't change it's own privileges or effective user id. This is one of the many reasons your configuration will not work. Samba must run as root or your going to have to jump through endless machinations. Yeah, unfortunately I was hoping that by going to the unencrypted password authentication that other users would have full access to their respective home directories. Afterall, the authentication did in fact work for other users, despite the smbd daemon running as non-root. I was hoping that the subsequent daemon processes that are spawned as a result of another user's connection, would be run as that user. But they were run as me, which makes it obvious how they would not have write access to their files. This makes it clear that the assumption is that smbd is run as root, and that allowed access is done by root on behalf of the user (or that by running smbd as root, this allows subsequent daemons to be run as the user who established the connection). Regards, Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Authentication Question; WAS: installing Samba as non-root user
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: See comments below. On 9/26/07, Adam Tauno Williams [EMAIL PROTECTED] wrote: Considering I am running this daemon as a non-root user, I am not sure how this works, or if it's even possible. I had another user map her home directory by tunneling to my server, and it worked, however she did not have write access to her home directory. I have added her as a Samba user, using smbpasswd. Again, it's not clear to me how the authentication is actually happening, Samba authentication and behavior are VERY well documented - RTFM. It's amazing how indignant people get when they think someone hasn't done his homework. I've read the man pages in depth, and the official HOWTO. Unless I overlooked something, no where does it explain the authentication in the kind of detail that is necessary to understand if there's a way to have multiple users have proper access to their home directories when the daemon is not being run as root. even if I were to be running the daemon as root. Since you can add a Samba user with smbpasswd with a password other than their Linux or Unix password, how is it truly authenticating the user? Not can add a Samba user with smbpasswd, *must* add a Samba user with smbpasswd. That password is used for authenticating users, and unless you are using some kind of mapping there must be a correspondingly named user available from NSS. All this is explained in the manual. Of course I know this. But I was simpling stating that the Samba password need not be the same as the Unix pasword (hence the use of the word can...with a password other than). This is VERY simple English - LTFL (learn the language). And even your statement is not true, as you can use unencrypted password authentication which will authenticate via traditional Unix /etc/passwd, bypassing the need of smbpasswd. All this is explained in the manual. In the case of running the daemon as root, are all actions done by root on behalf of the actual user? But it appears, per the smb.conf man page, that upon every Samba connection, a new daemon is spawned for the user of the client that established that connection. It would then seem that all share accesses are being made by the actual user, as it should be, rather than through root. A non-root Samba probably can't change it's own privileges or effective user id. This is one of the many reasons your configuration will not work. Samba must run as root or your going to have to jump through endless machinations. Yeah, unfortunately I was hoping that by going to the unencrypted password authentication that other users would have full access to their respective home directories. Afterall, the authentication did in fact work for other users, despite the smbd daemon running as non-root. I was hoping that the subsequent daemon processes that are spawned as a result of another user's connection, would be run as that user. But they were run as me, which makes it obvious how they would not have write access to their files. This makes it clear that the assumption is that smbd is run as root, and that allowed access is done by root on behalf of the user (or that by running smbd as root, this allows subsequent daemons to be run as the user who established the connection). That is correct. If you run a daemon as you, it does not matter whether the other users can authenticate or not -- they will still be unable to read/write anyplace other than your files (which makes me think, actually, that they'll probably be able to read/write your files even if they're logged in as themselves). The sysadmin in me makes me wonder why you can't just ask your sysadmin to run Samba for you? Unless it is against a policy, in which case, should you really be doing this anyway? :) Seems to me something like SftpDrive (http://www.sftpdrive.com/) would be a better solution for you. Even, honestly, using the GUI SFTP program that is part of the Windows SSH client is just about the same thing, with the exception that you don't get a drive letter (which I'm not convinced personally is a great advantage). - -- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II |$| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG+rgNmb+gadEcsb4RAkrJAJ0eDRvUVrSIACSCI9Kvqzn8c3JpmgCfcQ4D cU1V/bDUjZdliX/WzPgWM3Y= =WNsH -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Authentication Question; WAS: installing Samba as non-root user
I've played around with this some more. Ideally I'd like to have other users in my group map their home directories using the samba server that I have daemonized on my Linux machine, as some don't have their own Linux boxes. Considering I am running this daemon as a non-root user, I am not sure how this works, or if it's even possible. I had another user map her home directory by tunneling to my server, and it worked, however she did not have write access to her home directory. I have added her as a Samba user, using smbpasswd. Again, it's not clear to me how the authentication is actually happening, even if I were to be running the daemon as root. Since you can add a Samba user with smbpasswd with a password other than their Linux or Unix password, how is it truly authenticating the user? In the case of running the daemon as root, are all actions done by root on behalf of the actual user? But it appears, per the smb.conf man page, that upon every Samba connection, a new daemon is spawned for the user of the client that established that connection. It would then seem that all share accesses are being made by the actual user, as it should be, rather than through root. If this is true, how then is the user really being authenticated, since never is the Linux password being provided (just the smb password)? Because it would seem that I could set up a user map file to map my Windows username to someone else's Linux username. I could then add that Linux username to Samba using smbpasswd and pick some password for me to know. This would then allow me to access his files. Of course this doesn't work (because I've tried it), so either some true Linux authentication is happening in the background (but how could it without providing it the user's Linux password), or are all share accesses being done by root on behalf of the user, and the assumption is that root would setup the Samba configuration to never allow the kind of unwarranted access that I've described. If the latter is true, then is there anyway to have Samba authenticate a user by checking against the regular Linux password and not the Samba smbpasswd? Essentially, since I am not running the daemon as root, I would need an authentication mechanism that is somehow detached from from local non-root daemon, such as an external authentication server. If all else fails, I suppose I can have each user install Samba in a public directory on my Linux box (again, since not everyone has his own Linux machine) and launch an individual daemon with their Linux user account to be run on my machine, each with a different port number. This is quite convoluted, which is why I'm hoping someone can offer a solution. Thanks, Ben On 9/25/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi, I was able to actually get this to work! I successfully mapped my Linux home directory within Windows on a non-root smb install. I was able to get smbd to run OK with the non-standard ports. I then needed to do ssh tunneling to forward port 139 on a Windows Loopback Network device to the non-standard port of 1139 on my Linux box. I used a method similar to this. http://smithii.com/map_a_network_drive_over_ssh_in_windows I'm now in business. My next question is, can I have other users in my group map their own home directories by using my smbd server that's running on my Linux box? I'm assuming I'd need to add the users to the smbpasswd file. But how does that all work? If I were to add another user and choose my own password for that user, I'm assuming I can't just map his home drive and have full privileges to it (which is not what I want). Does the smbpasswd have to match the Linux password for the user? If not, wow else would it grant proper access to files, if it would seem I can masquerade as this user and use an smb password that is different from his own Linux password. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
