252893 – handbook: reference to outdated samba "security = shared" setting

Bug 252893 - handbook: reference to outdated samba "security = shared" setting

Summary: handbook: reference to outdated samba "security = shared" setting

Status:	Closed FIXED

Alias:	None

Product:	Documentation
Classification:	Unclassified
Component:	Books & Articles (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Many People
Assignee:	Mateusz Piotrowski

URL:	https://docs.freebsd.org/en/books/han...
Keywords:

Depends on:
Blocks:	handbook-2022
	Show dependency tree / graph

Reported:	2021-01-21 17:29 UTC by cm
Modified:	2024-09-09 18:46 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description cm 2021-01-21 17:29:01 UTC

Samba no longer has a "security = shared" setting, including on the version used by FreeBSD 11.

From https://www.freebsd.org/doc/handbook/network-samba.html:

"The most common settings are security = share and security = user... In share level security, clients do not need to log onto the server with a valid username and password before attempting to connect to a shared resource. This was the default security model for older versions of Samba."

Ideally this would be replaced by some instructions for creating a public share without "security = share", maybe with "map to guest = Bad User" (I'm not clear on the details so did not attempt a patch myself).

Comment 1 Pau Amma 2022-04-11 03:58:22 UTC

Is this still applicable? Current User Handbook language leads me to think it was fixed (but the "map to guest" one may still need to be added):

30.10.1.2. Security Settings
The most important settings in /usr/local/etc/smb4.conf are the security model and the backend password format. These directives control the options:

security
The most common settings are security = share and security = user. If the clients use usernames that are the same as their usernames on the FreeBSD machine, user level security should be used. This is the default security policy and it requires clients to first log on before they can access shared resources.

In share level security, clients do not need to log onto the server with a valid username and password before attempting to connect to a shared resource. This was the default security model for older versions of Samba.

Comment 2 commit-hook freebsd_committer

2024-09-09 18:45:25 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/doc/commit/?id=6530b8b5dba4707a6b8f31bc2af219f5f97f8060

commit 6530b8b5dba4707a6b8f31bc2af219f5f97f8060
Author:     Mateusz Piotrowski <0mp@FreeBSD.org>
AuthorDate: 2024-09-09 18:38:56 +0000
Commit:     Mateusz Piotrowski <0mp@FreeBSD.org>
CommitDate: 2024-09-09 18:42:06 +0000

    handbook: samba: Remove outdated `security=share` documentation

    "share" is no longer a supported setting for the "security" option.
    Update our documentation accordingly.

    PR:             252893
    Reported by:    cm@sdf.org
    Sponsored by:   Klara, Inc.

 documentation/content/en/books/handbook/network-servers/_index.adoc | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

Comment 3 Mateusz Piotrowski freebsd_committer

2024-09-09 18:46:43 UTC

Thanks for the report. I removed the outdated bits.