Ubuntu
samba package

Shares do not get unshared but user is unaware

Bug #70590 reported by Vincenzo Ciancia
256
Affects Status Importance Assigned to Milestone
gnome-system-tools (Ubuntu)
Invalid
High
Ubuntu Desktop Bugs
Nominated for Gutsy by Vincenzo Ciancia
samba (Ubuntu)
Won't Fix
Undecided
Unassigned
Nominated for Gutsy by Vincenzo Ciancia

Bug Description

I share a folder, then unshare it. I tried even to wait some minute, but the folder is never unshared, moreover, it's no longer visible in system->shared folders, so this could even be considered a security vulnerability. I expect that users will use the "share folder" facility to quickly pass stuff to other people, and then unshare the folder when they're done. Doing things this way, the share stays there and other people can access it, the user being unaware of the fact (of course, the method was not secure in principle).

Revision history for this message
Vincenzo Ciancia (vincenzo-ml) wrote :

I forgot to mention that restarting the samba daemon correctly unshares the folder.

Revision history for this message
Ante Karamatić (ivoks) wrote :

How did you share/unshare it? Editing smb.conf? Using shares-admin or nautilus sharing plugin?

I can't reproduce it on Gutsy.

Thank you for reporting.

Changed in samba:
status: New → Triaged
Revision history for this message
Vincenzo Ciancia (vincenzo-ml) wrote :

I right-click on a folder in nautilus, select "share folder" (notice that my desktop is in italian, so the english version might differ) and choose a name for the folder. Then in nautilus I go to

smb://localhost

and I see the folder. Then I go to system/administration/shared folders and see the folder. Then right-click on it in nautilus, select "share folder" and "do not share". The folder disappears from system/administration/shared folders, however in nautilus I can still go to "smb://localhost" and use it.

If I unshare it directly from "system/administration" it gets unshared correctly so the bug should be in the nautilus plugin. Moreover, if I share a folder from nautilus while keeping the system/administration window opened, lines are added in smb.conf but the folder is not visible in smb://localhost. The same happens when I unshare it: it is no longer present in smb.conf but it is visible in smb://localhost, so the point seems to be that the nautilus plugins should tell samba to reload its configuration after changing it.

Revision history for this message
Ante Karamatić (ivoks) wrote :

Unsharing a folder in nautilus or shares-admin doesn't restart samba. Cause of that, share is still accessible. Samba should restart it self if config file is changed or mentioned tools should restart it by it self.

Changed in gnome-system-tools:
importance: Undecided → High
status: New → Confirmed
Revision history for this message
Vincenzo Ciancia (vincenzo-ml) wrote :

Moreover, an emblem should be added to the folder when it's shared. This bug is a security problem. If I have a shared folder and I don't know, people can steal data from there.

Revision history for this message
Vincenzo Ciancia (vincenzo-ml) wrote :

If you stop "reloading" the remote folder in nautils, it will get unshared after a while. If you keep reloading (i.e. listing the remote folder) it will never get unshared.

Revision history for this message
Mathias Gug (mathiaz) wrote :

It seems that the issue is not with the samba package. If the configuration file is changed, samba should be reloaded by the application that changed the file.

Closing as Won't Fix for the samba package.

Changed in samba:
status: Triaged → Won't Fix
Revision history for this message
Sebastien Bacher (seb128) wrote :

Thanks for the bug report. This particular bug has already been reported, but feel free to report any other bugs you find.

Changed in gnome-system-tools:
assignee: nobody → desktop-bugs
status: Confirmed → Invalid
Revision history for this message
Vincenzo Ciancia (vincenzo-ml) wrote :

In the other report, nobody noticed that it also happens when you _un_share. Can you please take a look at priority of the two?

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.