A warning about SMB sharing and file security

Jan 19, '04 10:32:00AM

Contributed by: Anonymous

I have a Mac which is file sharing over the Internet, and it has various users set up on it. When a Mac user connects via AFP, they use their username and password to log in, and then they can access only their own user folder.

If I connect via SMB from my Mac, I can only see the user's home folder ... but if a Linux user connects via SMB, they can see everything on the whole machine.

So it seems that Panther's SMB server incorrectly shares the whole machine, and its SMB client doesn't work the way other clients do and fails to alert you to this problem.

[robg adds: I can't test this one here; if anyone can confirm, this sounds like at least a bit of a security hole...]

Comments (10)


Mac OS X Hints
http://hints.macworld.com/article.php?story=20031231092959219