[Software] Samba 4.17 "nobody" folder

[otello.an]

Good morning everyone,
My question concerns the Samba shares.

Given that everything works well. I've got a curiosity.
I updated samba to version 4.17 from 4.13.
Now, among the shared folders a new "nobody" folder appears.
The rest works everything as before.
The Smb.conf configuration file remained the same as before.

What is this new folder? How can I remove it?
Thank you all!

Otello

[kent_dorfman766]

There are no folders in Linux...They are directories. Folder is a windoze GUI term.

Appearance of "nobody" directory probably infers that there is a "nobody" UID guest account set up on the server. It's not unheard of that the samba devs change default behaviour within a major version so removal of the offending directory would involve changing settings in the smb.conf file. FWIW, I'd mention on the samba list that behaviour changed with the upgrade and ask them to document the what and why.

[Aki]

Hello,

What's your Debian version ?

As kent_dorfman766 highlighted you before, your issue could be related to your samba configuration. If you wish, you can share your samba configuration with other viewers of the forum attaching it the a follow-up message.

[steve_v]

among the shared folders a new "nobody" folder appears.
...
What is this new folder?

Probably:

Appearance of "nobody" directory probably infers that there is a "nobody" UID guest account set up on the server.

Inded, IIRC the smb.conf shipped with Debian enables the [homes] automatic shares;

Code: Select all

nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin

Has been a default system user for a long while, and;

It's not unheard of that the samba devs change default behaviour within a major version

Personally, I suspect something has changed WRT default behaviour of the [homes] section in /etc/samba/smb.conf or exclusion of silly high UIDs, nologin accounts, or missing home directories.
What does your config have in it? The default smb.conf shipped with Debian has (had) 'browseable = no' for the [homes] shares, which should prevent other users home directories showing up... but that may have changed.

OTOH, if you actually have a 'nobody' user with a valid login shell and home directory... Check that out, nobody shouldn't be anybody.

[Aki]

Hello,

I'm not able to replicate the issue today (the nobody folder does not appear); for example:

Code: Select all

$ smbclient -U aki -L 192.168.178.40
Enter WORKGROUP\aki's password: 

        Sharename       Type      Comment
        ---------       ----      -------
        print$          Disk      Printer Drivers
        IPC$            IPC       IPC Service (Samba 4.17.7-Debian)
        aki             Disk      Home Directories

There was a samba security upgrade on Wed, 29 Mar 2023 17:59:17 +0300 [1]:

samba (2:4.17.7+dfsg-1) unstable; urgency=high

* upstream stable/security/bugfix release, fixing the following issues:
o CVE-2023-0225: An incomplete access check on dnsHostName allows
authenticated but otherwise unprivileged users to delete this
attribute from any object in the directory.
https://www.samba.org/samba/security/CVE-2023-0225.html
o CVE-2023-0922: The Samba AD DC administration tool, when operating
against a remote LDAP server, will by default send new or reset
passwords over a signed-only connection.
https://www.samba.org/samba/security/CVE-2023-0922.html
o CVE-2023-0614: Fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919
Confidential attribute disclosure via LDAP filters was insufficient and
an attacker may be able to obtain confidential BitLocker recovery keys
from a Samba AD DC. Installations with such secrets in their Samba AD
should assume they have been obtained and need replacing.
https://www.samba.org/samba/security/CVE-2023-0614.html
Closes: CVE-2023-0225 CVE-2023-0922 CVE-2023-0614
* update libldb symbols and versions

-- Michael Tokarev <mjt@tls.msk.ru> Wed, 29 Mar 2023 17:59:17 +0300

Can you upgrade samba in your installation and test again ?

---
[1] https://metadata.ftp-master.debian.org/ ... _changelog

[Space Invader]

I updated samba to version 4.17 from 4.13.
Now, among the shared folders a new "nobody" folder appears.

I recently stumbled across this issue since my upgrade to Bookworm and, as I did not find any mention in Samba's documentation, I just added the following “share”:

Code: Select all

[nobody]
        browseable = no

followed by a systemctl restart smbd nmbd

[Aki]

Hello,

I recently stumbled across this issue since my upgrade to Bookworm [..]

What is the samba version you are running ?

[Space Invader]

What is the samba version you are running ?

The current 4.17.8+dfsg-1 from testing.