Re: GNOME-Samba interface

On Sun, 27 Jun 1999, Derek Simkowiak wrote:

> > 2) As I said before, Samba must be restarted. Until I can snag a
> > Debian CD, I don't have any modern distributions to test this on other
> > than Red Hat. The concern is how to restart Samba that will be happy for
> > all distributions and even other UNIX flavors. Probably the easiest way
> > around this is a configuration option, no? Again, it's a root problem (at
> > least on Red Hat) because although /etc/rc.d/init.d/smb is world
> > executeable, a regular user can't successfully execute a 'smb restart'.
> 	Well, the more distribution-independent way would be avoid the use
> of init scripts altogether and launch smbd with your own script.  Then it
> boils down to looking for smbd in the right places (to launch it), and
> issuing a "killall smbd" to kill it.

Except that Samba needs to start at boot time, not when GNOME starts.

> 	One thing to consider: Will you also need to kill/restart nmbd for
> any of the changes your program will allow the user to make?
> 	Also, are you sure Samba must be restarted?  From the Samba man
> page:
> ------------------------------------------------------------- 
> The configuration file, and any files that it includes, are automatically
> reloaded every minute, if they change. You can force a reload by sending a
> SIGHUP to the server. Reloading the configuration file will not affect
> connec- tions to any service that is already established.  Either the user
> will have to disconnect from the service, or smbd killed and restarted.
> -------------------------------------------------------------

True, but that is not good enough; we should also be able to select
specific connections (analyze the output of smbstatus, or use the
smbstatus routines internal to Samba) and nuke them which would require
root as well. 

> for things like adding a share, you can just send a sighup
> to the server (or wait up to one minute :).

Still need to be root to do that.

> > 3) The smb.conf file uses a similar configuration to the gnome-config
> > module, only it is much less strict. It allows spaces just about anywhere
> > and allows # and ; to show comments. I tried loading one into the
> > gnome-config and it just quit when it came across a comment. Fortunately,
> > smb.conf has an include statement so that other files can be loaded right
> > in. While it would be okay for non-root users to edit a config file to be
> > included in smb.conf, smb.conf itself cannot be edited by anyone except
> > root, so it is not possible to change "profiles" if you are not root. And
> > again, it takes root perms to force these changes into effect.

Look at the source of smbpasswd; it contains simple code to read the
smbpasswd file.  If you *really* want to parse this sucker, it may be a
good idea to simply link against the Samba parsing objects (the new 2.0
and CVS code bases are very programmer-friendly [unlike the pre-2.0 code
which was a nightmare of spaghetti]) 

> 	Here's a quick (disorganized) braindump:
> 1) Allowing a regular user to "share" a directory, ANY directory (whether
> its their own or not) is a serious security risk.  A cracker could
> theoretically get full access to your filesystem if things are set up
> improperly in your smb.conf, so allowing normal users to mess with it is
> a no-no.

Or, at least, a feature which should be reserved for the next incarnation
of this project.

> 2) Because of (1), any user who wants to share a directory should have the
> root password.
> 3) Because of (2), your Samba interface should probably just have a popup
> dialog that says "Please enter the root password:" every time a user goes
> to share a directory.  It's only a minor inconvenience (you'd only have to
> do it the first time you share/remove a share from the smb.conf file) and
> gets around that whole root-user problem.
> 4) An additional feature I'd like to see in your Gnome/Samba interface is
> the use of smbclient to offer "Browsing".  That is, I'd like to have a
> "SMB Network Neighborhood" icon that shows other SMB systems on my
> network, and when I click on a system, I get a list of shares/shared
> printers that I can then mount somewhere... I think this is as important
> as the ability to export shares.

That should be fairly simple.  (the famous last quote)

I've done quite a bit of Samba hacking and I'm aching to whet my teeth in
GTK/GNOME.  This sounds like an interesting project; if anyone needs help,
just fire off an e-mail to me.  I've done a few projects with strictly

The wheel is turning but the hamster is dead.
Craig Kelley  -- finger for PGP block

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]