T 3.96 Incorrect configuration of a Samba server
To demonstrate some of the capabilities of the Samba server and to provide administrators with a quick introduction, the "smb.conf" configuration file is created with default settings during the installation of the Samba server. If the configuration file supplied with Samba, which is only intended as an example, is used immediately or after making just a few changes, then serious security gaps may result. Various errors can be made when modifying the configuration file:
- If file shares used as an example are not commented out, then it will be possible to read any sensitive information stored on these unwanted shares.
- The binary packages for Samba often contain functions that will not be needed. If administrators are not aware of these functions, then the security and availability of the services provided by a Samba server could be seriously affected. An example of this is the --enable-cups parameter of the "configure" script used when compiling the program. This parameter specifies whether Samba will be compiled with or without support for the Common Unix Printing System (CUPS).
- The Samba configuration contains default values for certain settings that can influence the performance of a Samba server. If these settings are changed without knowing the exact effects of the changes, such changes could result in poorer performance or could even adversely affect the availability of the services of the Samba server. The effects of a change are not immediately visible in many cases. This is the case, for example, with the allocation roundup size configuration parameter.
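The following check is an added example, not part of the original catalogue entry or of the Samba project: it reads an smb.conf and reports shares that are still active but not on an approved list, shares that allow guest access, and explicit overrides of the performance parameter named above. The sample configuration, the approved-share list and the function name are assumptions made for illustration.

```python
import configparser

# Constructed sample: a shipped example smb.conf after only light editing.
SAMPLE_SMB_CONF = """\
[global]
   workgroup = EXAMPLE
   allocation roundup size = 4096

[homes]
   browseable = no
;[netlogon]
;   path = /var/lib/samba/netlogon
[public]
   path = /srv/samba/public
   guest ok = yes
[projects]
   path = /srv/samba/projects
   valid users = @staff
"""

APPROVED_SHARES = {"projects"}               # assumption: shares the site actually needs
TUNING_PARAMS = {"allocation roundup size"}  # performance parameter named in the text
TRUE_VALUES = {"yes", "true", "1"}


def audit_smb_conf(text, approved=APPROVED_SHARES):
    """Return (issue, section, detail) tuples for an smb.conf given as text."""
    parser = configparser.RawConfigParser(
        strict=False, delimiters=("=",), comment_prefixes=("#", ";"))
    # Strip indentation so configparser does not read lines as continuations.
    parser.read_string("\n".join(line.strip() for line in text.splitlines()))
    findings = []
    for section in parser.sections():
        options = dict(parser.items(section))
        if section.lower() == "global":
            for param in sorted(p for p in TUNING_PARAMS if p in options):
                findings.append(("tuning-override", section, f"{param} = {options[param]}"))
            continue
        if section.lower() not in approved:
            findings.append(("unapproved-share", section, options.get("path", "(no path)")))
        guest = options.get("guest ok", options.get("public", "no"))
        if guest.lower() in TRUE_VALUES:
            findings.append(("guest-access", section, "guest ok = " + guest))
    return findings


if __name__ == "__main__":
    for finding in audit_smb_conf(SAMPLE_SMB_CONF):
        print(*finding, sep=" | ")
```

Shares that are commented out, such as [netlogon] in the sample, are not reported, and a tuning override is flagged only so that the change is reviewed deliberately.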