[debian-users:57674] Re: Access control in Samba 4.1.17
- From: TAKAHASHI Motonobu/高橋 基信 <monyo@xxxxxxxxx>
- Subject: [debian-users:57674] Re: Access control in Samba 4.1.17
- Date: Sun, 5 Jul 2015 19:10:05 +0900
- List-id: debian-users.debian.or.jp
- References: <55988DE1.5050308@xxxxxxxxx>
- Message-id: <20150705191002.3d59ee71ca6f7f44a6d6ab25@xxxxxxxxx>
This is Motonobu Takahashi.
> [tag-only]
> comment = Manager-only
> path = /public/storage/manager-only
> directory mask = 0770
> force create mode = 0770
> create mask = 0770
> writable = yes
> public = no
> delete veto files = yes
> veto files = /\.*/
> nt acl support = no
>
> Here, /public/storage/manager-only is:
> drwxrwx--- 62 manager manager 4096 6月 23 14:20 manager-only/
>
> With this, people outside the manager group could not access it, but
> with 4.1.17 anyone can access it.
I set up a similar environment, and access is denied without any
particular problem.
=====
[global]
[share1]
path = /var/lib/samba/shares/share1
directory mask = 0770
force create mode = 0770
create mask = 0770
writeable = yes
public = no
delete veto files = yes
veto files = /\.*/
nt acl support = no
=====
root@jessie64:~# ls -l /var/lib/samba/shares
total 4
drwxrwx--- 2 manager manager 4096 Jul 5 12:44 share1
=====
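With the above, when a user who does not belong to the manager group
tries to access the share, access is denied.
I am not using LDAP authentication, but, also as a way of isolating the
problem, please check in an environment without LDAP.
By the way, as you may already know, public = no is the default value,
so there is no need to set it explicitly.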
--
TAKAHASHI Motonobu/高橋 基信 <monyo@xxxxxxxxx>
@damemonyo / facebook.com/takahashi.motonobu
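
The isolation step suggested in the message above can be scripted. The following is an added example, not part of the original post and not Samba's own code. For each share in an smb.conf it evaluates the Unix mode bits of the share path against one user's uid and groups as resolved through NSS (so LDAP-supplied group membership is included). Function names are hypothetical, and it assumes classic mode bits only (no POSIX ACLs).

```python
import configparser
import os
import pwd
import stat
import sys

# Real smb.conf parameters that replace or bypass the connecting user's own
# Unix identity on a share, so the directory mode alone no longer decides.
OVERRIDES = ("force user", "force group", "admin users")

def load_shares(smb_conf_text):
    """Parse smb.conf text; return {share name: section}, skipping [global]."""
    cp = configparser.RawConfigParser(strict=False, allow_no_value=True)
    cp.read_string(smb_conf_text)
    return {s: cp[s] for s in cp.sections() if s.lower() != "global"}

def unix_allows(st, uid, gids, want=0o5):
    """Classic mode-bit check for r-x: owner class, else group, else other."""
    if uid == 0:
        return True                          # root bypasses mode bits
    if uid == st.st_uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return ((st.st_mode >> shift) & want) == want

def audit_share(name, section, uid, gids):
    """Report whether uid/gids may list and enter the share's directory."""
    path = section.get("path")
    if not path or not os.path.isdir(path):  # e.g. [homes], or %-variables in path
        return None
    st = os.stat(path)
    guest = (section.getboolean("guest ok", fallback=False)
             or section.getboolean("public", fallback=False))
    return {"share": name, "mode": oct(stat.S_IMODE(st.st_mode)),
            "allowed": unix_allows(st, uid, gids), "guest": guest,
            "overrides": [k for k in OVERRIDES if k in section]}

def identity(user):
    """Resolve uid and all gids through NSS, so LDAP-supplied groups count."""
    pw = pwd.getpwnam(user)
    return pw.pw_uid, set(os.getgrouplist(user, pw.pw_gid))

if __name__ == "__main__" and len(sys.argv) == 3:   # args: smb.conf user
    uid, gids = identity(sys.argv[2])
    with open(sys.argv[1]) as f:
        for name, sec in load_shares(f.read()).items():
            print(audit_share(name, sec, uid, gids))
```

If "allowed" is True for a user who should be outside the group, the cause lies in group resolution or directory permissions rather than in Samba. A non-empty "overrides" list means the share runs under a different Unix identity than the connecting user's.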