Re: GNOME-Samba interface

[Joe Shaw <joe off net>]

> > 	Well, the more distribution-independent way would be avoid the use
> > of init scripts altogether and launch smbd with your own script.  Then it
> > boils down to looking for smbd in the right places (to launch it), and
> > issuing a "killall smbd" to kill it.
> 
> Except that Samba needs to start at boot time, not when GNOME starts.

Furthermore, this will throw distributions that like to shut down these
services at shutdown/reboot out of whack. What I've decided to do is just
have a configuration option that will allow the user to specify how to
restart Samba. I'll put in a generic option in the .tar.gz and use "smb
restart" in the .rpms and whomever else wishes to make packages can set
that to whatever is appropriate.

> > 	Also, are you sure Samba must be restarted?  From the Samba man
> > page:
> > 
> > [Samba man page excerpt...]
> 
> True, but that is not good enough; we should also be able to select
> specific connections (analyze the output of smbstatus, or use the
> smbstatus routines internal to Samba) and nuke them which would require
> root as well. 

Yes, and it is somewhat unclear on Samba's behaviour after removing a
share. Does it disconnect the machines connected to the service when it
rereads the config file? I will have to look into how to kill specific
connections to a service, but that will require root as well.

> Look at the source of smbpasswd; it contains simple code to read the
> smbpasswd file.  If you *really* want to parse this sucker, it may be a
> good idea to simply link against the Samba parsing objects (the new 2.0
> and CVS code bases are very programmer-friendly [unlike the pre-2.0 code
> which was a nightmare of spaghetti]) 

Well, the params.c and loadparam.c files are pretty ugly, but I have
considered using them. I dunno, something about sticking ALL of
the includes for the package into one header file rubs me the
wrong way. :) However, since I hope that this will (eventually)
be used entirely to configure Samba on the server end, for the intial
releases I think people can live with configuring some of the more obscure
(and not often used) options by hand in the right format.

> > 1) Allowing a regular user to "share" a directory, ANY directory (whether
> > its their own or not) is a serious security risk.  A cracker could
> > theoretically get full access to your filesystem if things are set up
> > improperly in your smb.conf, so allowing normal users to mess with it is
> > a no-no.
> 
> Or, at least, a feature which should be reserved for the next incarnation
> of this project.

Well, I tend to agree that this is a major security risk, and with NT
machines, only those with administrative powers can share things. I see no
reason to do it otherwise here, as well.

> > 3) Because of (2), your Samba interface should probably just have a popup
> > dialog that says "Please enter the root password:" every time a user goes
> > to share a directory.  It's only a minor inconvenience (you'd only have to
> > do it the first time you share/remove a share from the smb.conf file) and
> > gets around that whole root-user problem.

Yes, I'll probably have to write this phantom "gsu" utility I keep
mentioning, since Miguel says that it doesn't exist. :) Perhaps a
configuration option to ask if you want to reauthenticate every time.
We'll see.

> > 4) An additional feature I'd like to see in your Gnome/Samba interface is
> > the use of smbclient to offer "Browsing".  That is, I'd like to have a
> > "SMB Network Neighborhood" icon that shows other SMB systems on my
> > network, and when I click on a system, I get a list of shares/shared
> > printers that I can then mount somewhere... I think this is as important
> > as the ability to export shares.

That's more of a client thing than a server thing, and I believe there are
one or two of those either working or forthcoming, from what I've seen on
Freshmeat. It isn't as easy as you may think (although I can't really
remember _why_ exactly at this point... I looked a while ago and saw the
reason... It'll come to me...)

Joe