Default Configuration

As we can imagine, Samba offers a wide range of settings that we can configure. Again, we define the settings via a text file where we can get an overview of some of the settings. These settings look

z3tssu@htb[/htb]$ cat /etc/samba/smb.conf | grep -v "#\|\;" 

[global]
   workgroup = DEV.INFREIGHT.HTB
   server string = DEVSMB
   log file = /var/log/samba/log.%m
   max log size = 1000
   logging = file
   panic action = /usr/share/samba/panic-action %d

   server role = standalone server
   obey pam restrictions = yes
   unix password sync = yes

   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

   pam password change = yes
   map to guest = bad user
   usershare allow guests = yes

[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700

[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no

Samba Settings

Setting

Description

[sharename]

The name of the network share.

workgroup = WORKGROUP/DOMAIN

Workgroup that will appear when clients query.

path = /path/here/

The directory to which user is to be given access.

server string = STRING

The string that will show up when a connection is initiated.

unix password sync = yes

Synchronize the UNIX password with the SMB password?

usershare allow guests = yes

Allow non-authenticated users to access defined share?

map to guest = bad user

What to do when a user login request doesn't match a valid UNIX user?

browseable = yes

Should this share be shown in the list of available shares?

guest ok = yes

Allow connecting to the service without using a password?

read only = yes

Allow users to read files only?

create mask = 0700

What permissions need to be set for newly created files?

Dangerous Settings

Setting

Description

browseable = yes

Allow listing available shares in the current share?

read only = no

Forbid the creation and modification of files?

writable = yes

Allow users to create and modify files?

guest ok = yes

Allow connecting to the service without using a password?

enable privileges = yes

Honor privileges assigned to specific SID?

create mask = 0777

What permissions must be assigned to the newly created files?

directory mask = 0777

What permissions must be assigned to the newly created directories?

logon script = script.sh

What script needs to be executed on the user's login?

magic script = script.sh

Which script should be executed when the script gets closed?

magic output = script.out

Where the output of the magic script needs to be stored?

PreviousBasics NextCreate and Manage Samba Share

Last updated 3 months ago

z3tssu@htb[/htb]$ cat /etc/samba/smb.conf | grep -v "#\|\;" [global] workgroup = DEV.INFREIGHT.HTB server string = DEVSMB log file = /var/log/samba/log.%m max log size = 1000 logging = file panic action = /usr/share/samba/panic-action %d server role = standalone server obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes map to guest = bad user usershare allow guests = yes [printers] comment = All Printers browseable = no path = /var/spool/samba printable = yes guest ok = no read only = yes create mask = 0700 [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no

Samba Settings

Setting

Description

[sharename]

The name of the network share.

workgroup = WORKGROUP/DOMAIN

Workgroup that will appear when clients query.

path = /path/here/

The directory to which user is to be given access.

server string = STRING

The string that will show up when a connection is initiated.

unix password sync = yes

Synchronize the UNIX password with the SMB password?

usershare allow guests = yes

Allow non-authenticated users to access defined share?

map to guest = bad user

What to do when a user login request doesn't match a valid UNIX user?

browseable = yes

Should this share be shown in the list of available shares?

guest ok = yes

Allow connecting to the service without using a password?

read only = yes

Allow users to read files only?

create mask = 0700

What permissions need to be set for newly created files?

Dangerous Settings

Setting

Description

browseable = yes

Allow listing available shares in the current share?

read only = no

Forbid the creation and modification of files?

writable = yes

Allow users to create and modify files?

guest ok = yes

Allow connecting to the service without using a password?

enable privileges = yes

Honor privileges assigned to specific SID?

create mask = 0777

What permissions must be assigned to the newly created files?

directory mask = 0777

What permissions must be assigned to the newly created directories?

logon script = script.sh

What script needs to be executed on the user's login?

magic script = script.sh

Which script should be executed when the script gets closed?

magic output = script.out

Where the output of the magic script needs to be stored?