Enable net usershare?

On Thu, Jul 26, 2007 at 03:45:34PM -0000, Soren Hansen wrote:
> Enable "net usershare" in our Samba packages.

> https://lists.ubuntu.com/archives/ubuntu-devel/2007-January/023128.html

I've looked a bit into this (the net(8) and smb.conf(5) man pages are
helpful). It seems that all is needed is to set "usershare path" in
smb.conf pointing to a directory owned by root:foo, where foo is the
UNIX group we want to grant the ability to make use of this feature. We
need to evaluate if it makes most sense to make this the admin group or
a new group we create for this purpose.

Comments?

--
Soren Hansen
Ubuntu Server Team
http://www.ubuntu.com/

Nautilus-share is a nautilus extension that depends on this functionnality:
http://packages.ubuntu.com/feisty/gnome/nautilus-share

I've attached a debdiff that enables net usershare.

Søren: can you review the change and check if it fixes things for you?

On Tue, Aug 21, 2007 at 10:45:03AM -0000, Daniel Holbach wrote:
> Søren: can you review the change and check if it fixes things for you?

Actually, I didn't need it at all :) I just filed the bug based on
someone (possibly Sebastien) in #ubuntu-server asking for it and I
didn't have time to work on it just then.

Sebastien: Could you see if the patch works for you?

--
Soren Hansen
Ubuntu Server Team
http://www.ubuntu.com/

How are we supposed to tell to the user that he must be part of a
specific group to use this feature?

Should he part of this group by default? (Like the audio group etc) or
should we display a message when he installs nautilus-share?

2007/8/24, Soren Hansen <email address hidden>:
> On Tue, Aug 21, 2007 at 10:45:03AM -0000, Daniel Holbach wrote:
> > Søren: can you review the change and check if it fixes things for you?
>
> Actually, I didn't need it at all :) I just filed the bug based on
> someone (possibly Sebastien) in #ubuntu-server asking for it and I
> didn't have time to work on it just then.
>
> Sebastien: Could you see if the patch works for you?
>
> --
> Soren Hansen
> Ubuntu Server Team
> http://www.ubuntu.com/
>
> --
> Enable net usershare?
> https://bugs.launchpad.net/bugs/128548
> You received this bug notification because you are a direct subscriber
> of the bug.
>

--
Sebastien Estienne

Why not use pop up notification when installing nautilus-share like notification when firefox is updated ?!

This notification should say :

Nautilus-share have created a new group called smbshare
If you want to share files please add yourself in this group and logout/login
(Système/Administration/USers and groups)

Another solution that was discussed with seb128 was to add a new user
privilege in the 'user and group' application.

The patch works.

what do you think about adding these 2 options:
usershare allow guests = yes
usershare owner only = yes

the last one restricts the folders that a user can share to the folders that he owns, eg: he won't be able to share /etc .

I noticed something strange that may not be directly related to net usershare:

from the man of "net usershare add":
The default if no "acl" is given is "Everyone:R", which means any authenticated user has read-only access.

so when i try to create a share without specifying the acl it's ok:
net usershare add mytest /home/sebest/tmp/ tmp

net usershare info mytest
[mytest]
path=/home/sebest/tmp/
comment=tmp
usershare_acl=S-1-1-0:R
guest_ok=n

but when i try to force it to Everyone:R (the default value from the man):
net usershare add mytest /home/sebest/tmp/ tmp Everyone:R
net usershare add: cannot convert name "Everyone" to a SID. Wrong Password.

Any idea where the issue comes from?

i noticed that this fails too:
 net usersidlist
[2007/08/28 14:01:56, 0] utils/net_rpc.c:net_usersidlist(4724)
  Could not get the user/sid list

I'm not sure that changing the configuration file on upgrade in the postinst the way it's done is a good idea. What if a sysadmin decided to remove those lines from the config file. Changing the package configuration should be enough, if users have not modified their configuration they will get the changes otherwise they should be able to do the change

On Tue, Aug 28, 2007 at 02:37:55PM -0000, Sebastien Bacher wrote:
> What if a sysadmin decided to remove those lines from the config file.

May be the package version that we're upgrading from should be checked.

> Changing the package
> configuration should be enough, if users have not modified their
> configuration they will get the changes otherwise they should be able to
> do the change

The vast majority of the users will have a modified smb.conf file, as the
default one doesn't have any share defined. Thus, the majority of the
users upgrading won't get the new functionality.

On Tue, Aug 28, 2007 at 12:03:13PM -0000, Sebastien Estienne wrote:
> from the man of "net usershare add": The default if no "acl" is given
> is "Everyone:R", which means any authenticated user has read-only
> access.

I see your problem. The reason is that S-1-1-0 apparantly is synonymous
with "Everyone", but the string "Everyone" is not actually recognized. I
think this is mostly a documentation problem. It shouldn't say
"Everyone:R", when that's not actually the default. It could say that
the default is that everyone has read access, but writing it in quotes
is misleading.

--
Soren Hansen
Ubuntu Server Team
http://www.ubuntu.com/

On Tue, Aug 28, 2007 at 07:30:25PM -0000, Mathias Gug wrote:
> The vast majority of the users will have a modified smb.conf file, as
> the default one doesn't have any share defined. Thus, the majority of
> the users upgrading won't get the new functionality.

Indeed. This is a common problem, actually. There are many features we
add in each release cycle that will not be obvious on anything but fresh
installs. This holds true for both server and desktop software and is
rather unfortunate in both cases. I agree with seb128, though. Messing
about with user's configuration files is error prone and frowned upon.
I'm not sure how to handle it instead, though.

--
Soren Hansen
Ubuntu Server Team
http://www.ubuntu.com/

Le mercredi 29 août 2007 à 08:04 +0000, Soren Hansen a écrit :

> rather unfortunate in both cases. I agree with seb128, though. Messing
> about with user's configuration files is error prone and frowned upon.
> I'm not sure how to handle it instead, though.

The usual way is to make it work for new configurations and add
something to the gutsy notes for users upgrading

I've attached a new debdiff that removes the smb.conf update in the postinst script, as suggested by sebastien above.

Works well for me, will it be comitted to the repository?

Hardy material.

had the same problem, but setting security=share withing Authenticiation in /etc/samba/smb.conf worked fine for me.

source:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/32067

had the same problem, but setting security=share within Authenticiation in /etc/samba/smb.conf worked fine for me.

source:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/32067

samba (3.0.27a-1ubuntu1) hardy; urgency=low

  * Merge from debian unstable (LP: #165072), remaining changes:
    * debian/patches/VERSION.patch:
      - set SAMBA_VERSION_VENDOR_SUFFIX to Ubuntu
    * debian/control:
      - Remove type-handling (not used in Ubuntu)
    * debian/rules:
      - Remove type-handling.
    * debian/samba.init:
      - Ubuntu's log_progress_msg is a no-op, so to avoid confusion, don't
        say specifically which daemons we're handling. (LP #25803)
    * debian/smb.conf:
      - Add "(Samba, Ubuntu)" to server string.
      - Comment out the default [homes] shares and add more verbose comments to
        explain what they do and how they work (LP #27608). Also, add a
        comment about "valid users = %S" to show users how to restrict access
        to \\server\username to only username.
      - default passwd chat value is modified
    * debian/panic-action:
      - Alter the panic-action script to link to the samba bug reporting page
        on Launchpad.
    * debian/samba-common.config:
      - do not change priority to HIGH if dhclient3 is installed
      - use priority medium instead of high for the workgroup question
    * Set Ubuntu maintainer address.
  * Bugs fixed in Debian:
    - Enable net usershare (LP: #128548)
  * Ubuntu patches merged in Debian:
    * debian/smb.conf:
      - "printer admin" is a deprecated option, and is dropped
        completely from the examples.
    * debian/samba-common.templates:
      - Default workgroup value is now set to WORKGROUP; this is a
        change from previous Ubuntu versions which used MSHOME, but is
        consistent with the Samba upstream defaults and the default
        behavior for most versions of Windows.
  * Ubuntu patches dropped:
    * debian/rules:
      - Samba should not use --error-handler=true for its init script.
    * debian/samba-common.templates, debian/po/*.po:
      - unnecessary divergence from Debian debconf template which
        resulted in fuzzy translations; this is cleaned up now

samba (3.0.27a-1) unstable; urgency=low

  [ Steve Langasek ]
  * New upstream release
    - fix regression with smbfs clients, introduced by the security fix in
      3.0.27. Closes: #451839.
    - debian/patches/cifs-umount-trailing-slashes.patch: merged upstream.
  * Drop the deprecated "printer admin" example from the default smb.conf.
    Closes: #451273.
  * Add a *new* debian/patches/cups.patch to *enable* cups as the default
    printing system, because since the original introduction of this patch
    in Debian there was a regression upstream that caused cups to never be
    selected as the default print system.
  * Set the default value for the workgroup question to "WORKGROUP" in
    samba-common.templates, not just in the template smb.conf, so that the
    debconf question comes out right every time; and always treat this
    as a high-priority debconf question instead of selecting the
    priority based on whether there's an existing value, since there's
    now *always* an existing value but the value doesn't tell us
    anything meaningful about the user's preference. Closes: #451271.
  * Drop some code from samba.postinst that only...

i want default is security = user, not security = share, because it is secure. But my system, when i create a share dir and use right click to make a dir shared. Check smb.conf file, security = share. how to fix this ?

Hi here!

What's the reason here to change the compile-time default value for the usershare max shares (from 0 to 100) instead of just letting the admin to configure this feature if they wants to? It is just a flip of a single parameter in smb.conf.

I for one have to disable this debian-enabled feature on every server we have, and this is quite some of them.

I'm considering to remove this change from the debian samba package (with the adding of the NEWS item saying we're now in agreement with upstream finally, after almost 15 years). What do you think?

This is being discussed on https://alioth-lists.debian.net/pipermail/pkg-samba-maint/2022-May/023421.html

If you are running Samba on a farm of servers, you are probably using configuration management system like Chef / Puppet / Ansible / etc, so changing a configuration setting should be part of your default practice to harden your servers?!

Why does the default config matter so much?

--
Sebastien E.

> On May 3, 2022, at 08:20, Michael Tokarev <email address hidden> wrote:
>
> Hi here!
>
> What's the reason here to change the compile-time default value for the
> usershare max shares (from 0 to 100) instead of just letting the admin
> to configure this feature if they wants to? It is just a flip of a
> single parameter in smb.conf.
>
> I for one have to disable this debian-enabled feature on every server we
> have, and this is quite some of them.
>
> I'm considering to remove this change from the debian samba package
> (with the adding of the NEWS item saying we're now in agreement with
> upstream finally, after almost 15 years). What do you think?
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/128548
>
> Title:
> Enable net usershare?
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/samba/+bug/128548/+subscriptions
>