From owner-freebsd-questions@FreeBSD.ORG  Thu Mar 10 19:21:20 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id EBB2516A4CE
	for <questions@freebsd.org>; Thu, 10 Mar 2005 19:21:19 +0000 (GMT)
Received: from mail24.sea5.speakeasy.net (mail24.sea5.speakeasy.net
	[69.17.117.26])	by mx1.FreeBSD.org (Postfix) with ESMTP id 735B343D53
	for <questions@freebsd.org>; Thu, 10 Mar 2005 19:21:19 +0000 (GMT)
	(envelope-from freebsd-questions-local@be-well.ilk.org)
Received: (qmail 4244 invoked from network); 10 Mar 2005 19:21:19 -0000
Received: from dsl092-078-145.bos1.dsl.speakeasy.net (HELO be-well.ilk.org)
	([66.92.78.145])
	(envelope-sender <freebsd-questions-local@be-well.ilk.org>)
	by mail24.sea5.speakeasy.net (qmail-ldap-1.03) with SMTP
	for <david.larkin@djl.co.uk>; 10 Mar 2005 19:21:19 -0000
Received: by be-well.ilk.org (Postfix, from userid 1147)
	id 434D451; Thu, 10 Mar 2005 14:21:18 -0500 (EST)
Sender: lowell@be-well.ilk.org
To: David Larkin <david.larkin@djl.co.uk>
References: <20050310182852.0a9e0951@sparrow>
	<20050311021240.9F16.LUKEK@meibin.net>
	<20050310185932.6a965cd8@sparrow> <20050310191945.574bb924@sparrow>
From: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
Date: 10 Mar 2005 14:21:18 -0500
In-Reply-To: <20050310191945.574bb924@sparrow>
Message-ID: <44sm3371e9.fsf@be-well.ilk.org>
Lines: 88
User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
cc: questions@freebsd.org
Subject: Re: SAMBA newbie
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: questions@freebsd.org
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Mar 2005 19:21:20 -0000

David Larkin <david.larkin@djl.co.uk> writes:

> On Thu, 10 Mar 2005 18:59:32 +0000
> David Larkin <david.larkin@djl.co.uk> wrote:
> 
> > On Fri, 11 Mar 2005 02:15:28 +0900
> > Luke Kearney <lukek@meibin.net> wrote:
> > 
> > > 
> > > On Thu, 10 Mar 2005 18:28:52 +0000
> > > David Larkin <david.larkin@djl.co.uk> spake thus:
> > > 
> > > > I have a FreeBSD 5.3 machine and a Windoze XP box.
> > > > 
> > > > I am the only user of both.
> > > > 
> > > > I don't want to share files or act as a full time fileserver.
> > > > 
> > > > I simply wish to exchange files ocassionally, e.g. copy FreeBSD backup files to the XP box to burn on CD.
> > > > 
> > > > I used to use anon ftp for this type of thing but found the security a nightmare. I've now installed Samba on the FreeBSD box , but I'm not sure this is a good idea.
> > > > 
> > > > Can I set up a 'sandbox' directory on my FreeBSD machine where both machines can read and write ? 
> > > > 
> > > > After installing samba and setting the workgroup in smb.conf, i can now see the FREEBSD box in 'view workgroup computers' but clicking on that I am asked for a username/password , which i'm reluctant to give.
> > > > 
> > > > Any advice ?
> > > > _______________________________________________
> > > 
> > > 
> > > Hello,
> > > If you take a look at the documentation you will find that you have
> > > several options, you can encrypt the passwds, you could set up a guest
> > > account with no passwd but restrict access to a particular filesystem to
> > > think of but two.
> > > 
> > > HTH
> > > 
> > > LukeK
> > > 
> > 
> > Thanks, I don't want to use any passwords, enrypted or otherwise
> > 
> > The guest account sounds interesing.
> > 
> > I've commented out the following in smb.conf
> > 
> > # This one is useful for people to share files
> > [tmp]
> >    comment = Temporary file space
> >    path = /tmp
> >    read only = no
> >    public = yes
> > 
> > 
> > should this allow everyone on both machines to write to the /tmp directory but not execute anything there ? 
> > 
> > I still get challenged for a username/password on the XP directory.
> > guest/guest and nobody/nobody   both fail
> > 
> 
> OK, I got that to work by changing the line 
> security = user
> 
> to
> 
> security = share
> 
> 
> Is this safe ?????

It isn't necessarily *that* bad security-wise, but if anyone else
might get access to the network over which they are communicating, 
they could make trouble.  On my own home network, I have mitigated
(but not eliminated) this problem by making a very small filesystem
just for this Samba share.  [I built the filesystem from file-backed
mdmfs(8).]  And make *very* sure that your Samba is not reachable from
other networks.

If you're really the only user of both systems, I would expect ssh
(with public key authentication, to avoid the passwords you said you
didn't want to type) would be easier (because it will work in either
direction, from either machine).  But that depends on your actual
usage patterns, of course.

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area
		http://be-well.ilk.org/~lowell/