Good morning everyone,
My question concerns the Samba shares.
Given that everything works well. I've got a curiosity.
I updated samba to version 4.17 from 4.13.
Now, among the shared folders a new "nobody" folder appears.
The rest works everything as before.
The Smb.conf configuration file remained the same as before.
What is this new folder? How can I remove it?
Thank you all!
Otello
Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
[Software] Samba 4.17 "nobody" folder
- kent_dorfman766
- Posts: 540
- Joined: 2022-12-16 06:34
- Location: socialist states of america
- Has thanked: 59 times
- Been thanked: 70 times
Re: [Software] Samba 4.17 "nobody" folder
There are no folders in Linux...They are directories. Folder is a windoze GUI term.
Appearance of "nobody" directory probably infers that there is a "nobody" UID guest account set up on the server. It's not unheard of that the samba devs change default behaviour within a major version so removal of the offending directory would involve changing settings in the smb.conf file. FWIW, I'd mention on the samba list that behaviour changed with the upgrade and ask them to document the what and why.
Appearance of "nobody" directory probably infers that there is a "nobody" UID guest account set up on the server. It's not unheard of that the samba devs change default behaviour within a major version so removal of the offending directory would involve changing settings in the smb.conf file. FWIW, I'd mention on the samba list that behaviour changed with the upgrade and ask them to document the what and why.
-
- Global Moderator
- Posts: 2960
- Joined: 2014-07-20 18:12
- Location: Europe
- Has thanked: 73 times
- Been thanked: 405 times
Re: [Software] Samba 4.17 "nobody" folder
Hello,
What's your Debian version ?
As kent_dorfman766 highlighted you before, your issue could be related to your samba configuration. If you wish, you can share your samba configuration with other viewers of the forum attaching it the a follow-up message.
What's your Debian version ?
As kent_dorfman766 highlighted you before, your issue could be related to your samba configuration. If you wish, you can share your samba configuration with other viewers of the forum attaching it the a follow-up message.
-
- df -h | grep > 20TiB
- Posts: 1418
- Joined: 2012-10-06 05:31
- Location: /dev/chair
- Has thanked: 80 times
- Been thanked: 191 times
Re: [Software] Samba 4.17 "nobody" folder
Probably:
Inded, IIRC the smb.conf shipped with Debian enables the [homes] automatic shares;kent_dorfman766 wrote: ↑2023-04-24 12:35 Appearance of "nobody" directory probably infers that there is a "nobody" UID guest account set up on the server.
Code: Select all
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
Personally, I suspect something has changed WRT default behaviour of the [homes] section in /etc/samba/smb.conf or exclusion of silly high UIDs, nologin accounts, or missing home directories.kent_dorfman766 wrote: ↑2023-04-24 12:35It's not unheard of that the samba devs change default behaviour within a major version
What does your config have in it? The default smb.conf shipped with Debian has (had) 'browseable = no' for the [homes] shares, which should prevent other users home directories showing up... but that may have changed.
OTOH, if you actually have a 'nobody' user with a valid login shell and home directory... Check that out, nobody shouldn't be anybody.
Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.
-
- Global Moderator
- Posts: 2960
- Joined: 2014-07-20 18:12
- Location: Europe
- Has thanked: 73 times
- Been thanked: 405 times
Re: [Software] Samba 4.17 "nobody" folder
Hello,
I'm not able to replicate the issue today (the nobody folder does not appear); for example:
There was a samba security upgrade on Wed, 29 Mar 2023 17:59:17 +0300 [1]:
---
[1] https://metadata.ftp-master.debian.org/ ... _changelog
I'm not able to replicate the issue today (the nobody folder does not appear); for example:
Code: Select all
$ smbclient -U aki -L 192.168.178.40
Enter WORKGROUP\aki's password:
Sharename Type Comment
--------- ---- -------
print$ Disk Printer Drivers
IPC$ IPC IPC Service (Samba 4.17.7-Debian)
aki Disk Home Directories
There was a samba security upgrade on Wed, 29 Mar 2023 17:59:17 +0300 [1]:
Can you upgrade samba in your installation and test again ?samba (2:4.17.7+dfsg-1) unstable; urgency=high
* upstream stable/security/bugfix release, fixing the following issues:
o CVE-2023-0225: An incomplete access check on dnsHostName allows
authenticated but otherwise unprivileged users to delete this
attribute from any object in the directory.
https://www.samba.org/samba/security/CVE-2023-0225.html
o CVE-2023-0922: The Samba AD DC administration tool, when operating
against a remote LDAP server, will by default send new or reset
passwords over a signed-only connection.
https://www.samba.org/samba/security/CVE-2023-0922.html
o CVE-2023-0614: Fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919
Confidential attribute disclosure via LDAP filters was insufficient and
an attacker may be able to obtain confidential BitLocker recovery keys
from a Samba AD DC. Installations with such secrets in their Samba AD
should assume they have been obtained and need replacing.
https://www.samba.org/samba/security/CVE-2023-0614.html
Closes: CVE-2023-0225 CVE-2023-0922 CVE-2023-0614
* update libldb symbols and versions
-- Michael Tokarev <mjt@tls.msk.ru> Wed, 29 Mar 2023 17:59:17 +0300
---
[1] https://metadata.ftp-master.debian.org/ ... _changelog
- Space Invader
- Posts: 7
- Joined: 2023-05-18 14:08
- Location: $HOME
Re: [Software] Samba 4.17 "nobody" folder
I recently stumbled across this issue since my upgrade to Bookworm and, as I did not find any mention in Samba's documentation, I just added the following “share”:
Code: Select all
[nobody]
browseable = no
Last edited by Space Invader on 2023-05-28 05:24, edited 1 time in total.
-
- Global Moderator
- Posts: 2960
- Joined: 2014-07-20 18:12
- Location: Europe
- Has thanked: 73 times
- Been thanked: 405 times
Re: [Software] Samba 4.17 "nobody" folder
Hello,
What is the samba version you are running ?Space Invader wrote: ↑2023-05-18 14:29 I recently stumbled across this issue since my upgrade to Bookworm [..]
- Space Invader
- Posts: 7
- Joined: 2023-05-18 14:08
- Location: $HOME