Re: assorted comments (was fedora-list Digest, Vol 36, Issue 69)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Andrada Meda Felegean wrote:
> 
> The old server which i want to replace, runs on RedHat8 and these
> settings work. I have put WinMentor databases in /usr/mentor with no
> problem and i have also set guest account = root in the smb.conf file
> and it`s all working...
> 
> However,on Fedora6,  ls -l /usr    looks like this:
> [root@CIEmentor ~]# ls -l /usr
> total 180
> drwxr-xr-x   2 root root 36864 Feb  6 14:42 bin
> drwxr-xr-x   2 root root  4096 Oct 11 01:06 etc
> drwxr-xr-x  27 root root  4096 Feb  6 13:40 include
> drwxr-xr-x   6 root root  4096 Sep  6 23:41 kerberos
> drwxr-xr-x  79 root root 28672 Feb  6 14:42 lib
> drwxr-xr-x   8 root root  4096 Feb  6 14:42 libexec
> drwxr-xr-x  11 root root  4096 Feb  6 13:33 local
> drwxrwxrwx   3 root root  4096 Jan 30 11:13 mentor
> drwxr-xr-x   2 root root 20480 Feb  6 14:42 sbin
> drwxr-xr-x 128 root root  4096 Feb  6 13:41 share
> drwxr-xr-x   2 root root  4096 Oct 11 01:06 src
> lrwxrwxrwx   1 root root    10 Feb  6 13:33 tmp -> ../var/tmp
> drwxr-xr-x   3 root root  4096 Feb  6 13:34 X11R6
> 
> 
First of all, do not reply to the digest message, and include the
entire message when you want to ask a question. Start a new message
to the list. You should also pick a subject that describes your
problem/question. I am not sure if this post is a reply to
something, or a question, and if it is a question, just what you are
asking.

Setting the guest account to root is a BIG security risk. The guest
account is the one used for connections without a valid
username/password. By mapping this to root, you have given almost
anyone the ability to delete all the files on your Samba shares,
unless there is another restriction on the share. It is much better
to map the guest account to a normal user account set up for that.
Or leave it mapped to nobody. A better way would be to have mentor
owned by a specific user, and use the force user option on that
share to make all access by that user.

I would also consider moving mentor from the /usr tree. Depending on
how the system is partitioned, it may be better in the /var, /misc,
/opt, or /home tree, or directly off the root directory.

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux