File sharing + users with null passwords ??

in macOS edited January 2014
I have one computer that I share with others, some of whom are barely computer literate and have accounts with null/empty passwords for convenience. This has not been a problem because all network services other than SSH are off. SSH does not allow users with null passwords to log in for obvious reasons.



The problem is, neither SMB nor AFP is set up this way and there's no way to make it so users with null passwords cannot log in. If you turn on AFP or SMB and you have users with null passwords, you're asking for trouble...



Does anybody know how I can disable AFP and SMB access on a per-user basis? Or even better on the basis that only users with passwords may log in to a share?

Comments

  • Reply 1 of 6
    Quote:

    Originally posted by Eugene

    Does anybody know how I can disable AFP and SMB access on a per-user basis? Or even better on the basis that only users with passwords may log in to a share?



    yes, you can change per-user shares with samba. It takes some muddling with the smb config file (smb.conf?, i think in /etc or /etc/[something]). you should read up on the syntax of that file. somewhere in there there'll be a section for users. i'm not too familiar with the file format myself, but i'm pretty sure you can change smb settings per share. in the worst scenario, you'd have to set up new share sections for everyone except the null-password people, but i think smb has an easier way. also, you'd have to find out, outside of samba, which users have null passwords (some simple netinfo queries should do the trick; i.e., find/create one person who has a null password, see what his password is (encrypted) in netinfo, then search for everyone with that (encrypted) password; it might even be just an empty field in netinfo). i don't know about afp though.



    i think a better policy would be to require all users to have a password though.
  • Reply 2 of 6
    eugene Posts: 8,254 member
    Quote:

    Originally posted by thuh Freak



    i think a better policy would be to require all users to have a password though.




    Not really.



    password-free console login at home + no remote access

    vs

    trivial password + remote access enabled



    I'll take the former every time. I know it's possible via the smb.conf, but what I really want is for Apple to be responsible for what it lets people do. It's quite easy to create an account without a password and enable file-sharing. Null password remote login should be disabled on all fronts by default. That's my beef.
  • Reply 3 of 6
    Quote:

    Originally posted by Eugene

    password-free console login at home + no remote access

    vs

    trivial password + remote access enabled



    I'll take the former every time.




    I don't agree with you there, but whatever.



    Quote:

    I really want is for Apple to be responsible for what it lets people do. It's quite easy to create an account without a password and enable file-sharing. Null password remote login should be disabled on all fronts by default. That's my beef.



    apple doesn't control, nor contribute (afaik), to samba. i'm pretty sure they use the free version (avail at samba.org). they don't control what happens with it. maybe you should post a suggestion to the samba team. but if it's possible to control through the smb.conf, i doubt they'd do much else (what else can they do?). or maybe you should make the mods you need, and suggest that apple implement your mod'd smb.conf into their standard distribution.
  • Reply 4 of 6
    rrabu Posts: 264 member
    I'm running 10.2.8 but this feature should still exist in 10.3.x:



    Under the Accounts preference pane, click on edit user on the user(s) you don't want to have remote access. Uncheck the box below administer computer (the one that says "Allow user to log in from Windows"). This should prevent that user from being able to connect via smb. As for AFP, you're on your own, sorry.
  • Reply 5 of 6
    eugene Posts: 8,254 member
    Quote:

    Originally posted by thuh Freak

    I don't agree with you there, but whatever.



    The fact of the matter is this:

    One security problem requires physical access to a trusted location.

    The other security issue is remotely exploitable.



    Quote:

    apple doesn't control, nor contribute (afaik), to samba. i'm pretty sure they use the free version (avail at samba.org). they don't control what happens with it. maybe you should post a suggestion to the samba team. but if it's possible to control through the smb.conf, i doubt they'd do much else (what else can they do?). or maybe you should make the mods you need, and suggest that apple implement your mod'd smb.conf into their standard distribution.



    This fix wouldn't require any contribution to SAMBA if it's as simple as adding the right syntax to the smb.conf and restarting the server. It is Apple's responsibility to secure its OS distribution to the best of its ability. If it chooses to include such file-sharing protocols, it needs to make sure its bases are covered.



    I'm pretty sure a lot of people are running computers with a mixed assortment of password protected and non-password protected accounts. I'm also sure many of these computers are running with AFP and/or SMB file sharing on.
  • Reply 6 of 6
    eugene Posts: 8,254 member
    Quote:

    Originally posted by rrabu

    I'm running 10.2.8 but this feature should still exist in 10.3.x:



    Under the Accounts preference pane, click on edit user on the user(s) you don't want to have remote access. Uncheck the box below administer computer (the one that says "Allow user to log in from Windows"). This should prevent that user from being able to connect via smb. As for AFP, you're on your own, sorry.




    That was the good thing about 10.2. You had to explicitly enable SMB filesharing for each user. You could also change the password independently, IIRC.
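
The smb.conf approach discussed in Reply 1 and Reply 5, sketched as an added example that is not from any poster in the thread or from Apple's shipped configuration. The parameters are standard Samba ones; the account names (`kid1`, `kid2`, `alice`), the share name and its path are hypothetical placeholders, and whether a given Mac OS X release preserves hand edits to this file is not established by the thread.

```ini
# Added example: smb.conf fragment (Samba). All names are placeholders.
[global]
    # Refuse SMB logins to any account whose password is empty.
    # "no" is Samba's documented default; stating it explicitly guards
    # against a vendor default or GUI tool having changed it.
    null passwords = no

    # Deny specific accounts on every share. A service-level parameter
    # set in [global] becomes the default for all share sections.
    # kid1 and kid2 stand in for the password-less local accounts.
    invalid users = kid1 kid2

[shared]
    # Hypothetical share definition.
    path = /Users/Shared
    read only = no
    # Allowlist: only the named accounts may connect to this share.
    # If a name appears in both lists, "invalid users" wins and access
    # is denied.
    valid users = alice
```

Run `testparm` after editing to confirm the file parses and to see the effective values, then restart the SMB service. This covers SMB only; AFP is not governed by smb.conf.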