Re: GNOME-Samba interface
- From: Craig Kelley <ink inconnu isu edu>
- To: Derek Simkowiak <dereks kd-dev com>
- cc: gnome-devel-list gnome org
- Subject: Re: GNOME-Samba interface
- Date: Sun, 27 Jun 1999 20:33:46 -0600 (MDT)
On Sun, 27 Jun 1999, Derek Simkowiak wrote:
> > 2) As I said before, Samba must be restarted. Until I can snag a
> > Debian CD, I don't have any modern distributions to test this on other
> > than Red Hat. The concern is how to restart Samba that will be happy for
> > all distributions and even other UNIX flavors. Probably the easiest way
> > around this is a configuration option, no? Again, it's a root problem (at
> > least on Red Hat) because although /etc/rc.d/init.d/smb is world
> > executeable, a regular user can't successfully execute a 'smb restart'.
> Well, the more distribution-independent way would be avoid the use
> of init scripts altogether and launch smbd with your own script. Then it
> boils down to looking for smbd in the right places (to launch it), and
> issuing a "killall smbd" to kill it.
Except that Samba needs to start at boot time, not when GNOME starts.
> One thing to consider: Will you also need to kill/restart nmbd for
> any of the changes your program will allow the user to make?
> Also, are you sure Samba must be restarted? From the Samba man
> The configuration file, and any files that it includes, are automatically
> reloaded every minute, if they change. You can force a reload by sending a
> SIGHUP to the server. Reloading the configuration file will not affect
> connec- tions to any service that is already established. Either the user
> will have to disconnect from the service, or smbd killed and restarted.
True, but that is not good enough; we should also be able to select
specific connections (analyze the output of smbstatus, or use the
smbstatus routines internal to Samba) and nuke them which would require
root as well.
> ...so for things like adding a share, you can just send a sighup
> to the server (or wait up to one minute :).
Still need to be root to do that.
> > 3) The smb.conf file uses a similar configuration to the gnome-config
> > module, only it is much less strict. It allows spaces just about anywhere
> > and allows # and ; to show comments. I tried loading one into the
> > gnome-config and it just quit when it came across a comment. Fortunately,
> > smb.conf has an include statement so that other files can be loaded right
> > in. While it would be okay for non-root users to edit a config file to be
> > included in smb.conf, smb.conf itself cannot be edited by anyone except
> > root, so it is not possible to change "profiles" if you are not root. And
> > again, it takes root perms to force these changes into effect.
Look at the source of smbpasswd; it contains simple code to read the
smbpasswd file. If you *really* want to parse this sucker, it may be a
good idea to simply link against the Samba parsing objects (the new 2.0
and CVS code bases are very programmer-friendly [unlike the pre-2.0 code
which was a nightmare of spaghetti])
> Here's a quick (disorganized) braindump:
> 1) Allowing a regular user to "share" a directory, ANY directory (whether
> its their own or not) is a serious security risk. A cracker could
> theoretically get full access to your filesystem if things are set up
> improperly in your smb.conf, so allowing normal users to mess with it is
> a no-no.
Or, at least, a feature which should be reserved for the next incarnation
of this project.
> 2) Because of (1), any user who wants to share a directory should have the
> root password.
> 3) Because of (2), your Samba interface should probably just have a popup
> dialog that says "Please enter the root password:" every time a user goes
> to share a directory. It's only a minor inconvenience (you'd only have to
> do it the first time you share/remove a share from the smb.conf file) and
> gets around that whole root-user problem.
> 4) An additional feature I'd like to see in your Gnome/Samba interface is
> the use of smbclient to offer "Browsing". That is, I'd like to have a
> "SMB Network Neighborhood" icon that shows other SMB systems on my
> network, and when I click on a system, I get a list of shares/shared
> printers that I can then mount somewhere... I think this is as important
> as the ability to export shares.
That should be fairly simple. (the famous last quote)
I've done quite a bit of Samba hacking and I'm aching to whet my teeth in
GTK/GNOME. This sounds like an interesting project; if anyone needs help,
just fire off an e-mail to me. I've done a few projects with strictly
The wheel is turning but the hamster is dead.
Craig Kelley -- firstname.lastname@example.org
http://www.isu.edu/~kellcrai finger email@example.com for PGP block
] [Thread Prev