Red Hat Linux 7 Unleashed

By William Ball

• Table of Contents
  • Copyright
  • About the Lead Authors
  • About the Contributing Authors
  • Acknowledgments
  • Tell Us What You Think!
  • Introduction
  • I. Red Hat Linux Installation and User Services
  • Chapter 1. Introduction to Red Hat Linux
  • Chapter 2. Installation of Your Red Hat System
  • Chapter 3. LILO and Other Boot Managers
  • Chapter 4. Configuring the X Window System, Version 11
  • Chapter 5. Window Managers
  • Chapter 6. Connecting to the Internet
  • Chapter 7. IRC, ICQ, and Chat Clients
  • Chapter 8. Using Multimedia and Graphics Clients
  • II. Configuring Services
  • Chapter 9. System Startup and Shutdown
  • Chapter 10. SMTP and Protocols
  • Chapter 11. FTP
  • Chapter 12. Apache Server
  • Chapter 13. Internet News
  • Chapter 14. Domain Name Service and Dynamic Host Configuration Protocol
  • Chapter 15. NIS: Network Information Service
  • Chapter 16. NFS: Network Filesystem
  • Chapter 17. Samba
    • Installing Samba
    • Getting a Simple Samba Setup Running
    • Configuring Samba
    • Configuring a Samba File Server with linuxconf
    • Sharing Files and Print Services
    • Optimizing Samba Performance
    • Testing Your Configuration
    • Running the Samba Server
    • Accessing Shares
    • Common smb.conf Options
    • Samba Resources
    • Using Samba as a Logon Server
    • Samba Troubleshooting Tips
    • Samba Security
    • Using SWAT for Web-Based Samba Configuration
    • Using Samba as a Linux Migration Tool
    • Summary
  • III. System Administration and Management
  • Chapter 18. Linux Filesystems, Disks, and Other Devices
  • Chapter 19. Printing with Linux
  • Chapter 20. TCP/IP Network Management
  • Chapter 21. Linux System Administration
  • Chapter 22. Backup and Restore
  • Chapter 23. System Security
  • IV. Red Hat Development and Productivity
  • Chapter 24. Linux C/C++ Programming Tools
  • Chapter 25. Shell Scripting
  • Chapter 26. Automating Tasks
  • Chapter 27. Configuring and Building Kernels
  • Chapter 28. Emulators, Tools, and Window Clients
  • V. Appendixes
  • A. The Linux Documentation Project
  • B. Top Linux Commands and Utilities
  • C. The GNU General Public License
  • D. Red Hat Linux RPM Package Listings

Samba Security

Lock up your smb.conf file, and throw away the key. Giving a person write access to smb.conf is as good as giving him the root password. Here's why.

Imagine a disgruntled employee writing a script that backs up /etc/passwd and then creates an /etc/passwd file with no root password. He logs in as root, without a password, and now has control of your system. He restores the original /etc/passwd and changes the password again.

But of course the script mentioned in the preceding paragraph won't work unless he's running as root. So he writes the script, manages to get write access to smb.conf, and adds a new share with a root preexec= option pointing to his mischievous script. He then accesses his new share through Samba, and immediately logs in as root and changes the password. He covers his tracks, and owns the system. Unbelievably, he didn't need to restart Samba to accomplish this exploit.

The root preexec= and root postexec= parameters run the commands specified by their values as root. This functionality cannot be turned off without a source code change to Samba. Therefore, the utmost care must be taken to grant smb.conf write access only to those who can be trusted with the root password. Making smb.conf owner root, group root, file mode 644 should do the trick.

SWAT Precautions

SWAT is the smb.conf configuration program with a browser interface, discussed later in the section titled "Using SWAT for Web-Based Samba Configuration." The preceding caution statement highlights one of the security issues with SWAT. There are others. All passwords given to SWAT are sent in the clear, so they can be sniffed. That's why it's best to allow SWAT only from localhost.

Another SWAT precaution is to shut down all sessions of your browser after completing your SWAT work. A SWAT authentication remains good as long as there's a session of the browser. That means you could finish your SWAT work, navigate out of the SWAT Web pages, and even close the browser. But if there are other copies of the browser running, a sneaky co-worker could sit down at your computer, navigate to http://192.168.100.1:901 (or wherever your Samba server resides), and install a mischievous root preexec= parameter while you're gone.

Considerations for Special Parameters

Several parameters deserve a security mention. Certainly the hosts equiv= parameter should never be used, because it specifies a file listing hosts and users who are allowed on without passwords.

In anything but the most trusting environments, or servers with nothing but printers, security=share should not be used because passwords relate to shares, not users. That means when an employee leaves, he leaves with the passwords to the shares. It also means that passwords are known far and wide.

Watch out for the admin users= parameter. It grants users listed in its value total access to the share's entire tree. Although they are confined to that tree, they can still do plenty of damage if mistakes are made. Don't use admin users= unless you have a very good reason to do so, and can't do what is needed any other way.

The valid users= parameter is a good thing. It restricts share access to those on its list. Because groups can be put in that list, you should use a valid users= parameter in all shares except those you truly want to be universally accessible, or in special shares like [homes], [printers], and [netlogon].

Use writeable=, read list=, and write list= to determine which users and groups have write access.

The hosts allow= parameter can limit access to certain subnets or hosts. Use it.

This Is the Tip of the Iceberg

Security is an immense subject. This section has presented a few of the most obvious security issues. There are hundreds of other issues, including password synchronization, LDAP, NIS, SSL, Kerberos, checking the authenticity of your Samba source code or RPM package, and much, much more. Samba Unleashed contains an entire chapter on Samba security, and for the system administrator needing to lock things down really tight, there's plenty to learn beyond that.

Share This