Any system administrator knows that share files on local computer is a bad idea for security reasons. To transfer files better use external file servers which usually better secured. But if you have small home computer network without file servers and DNS server you have to share files somewhere. Windows 7 "home network" realization is awful (complicated unclear stuff). I always disable it. I would say it is large hole for hackers.
As many knows, Apple™ use for file sharing three types of protocols: FTP, AFP and SMB. If you need to share files between Macs I would recommend to use the AFP protocol. It is fast and reliable solution. If you need to share files between Mac and Windows PC machines you can use FTP or SMB. The SMB is most native way for Windows. The FTP I wouldn't recommend to use for small files transfer (directories with many small files) cause FTP is good to use for 'Internet to local computer' large file transfer (large ZIP archives or something) but not for local network usage. If you have Linux machine AFP is usable too, but it is separate big theme.
As I said above - any system administrator knows that share files on local computer is a bad idea, also he knows that to share home directories and whole disks are very bad method. I always use straight sharing to local folder and never to home directories. That is why I was surprised that Mac OS 10.5, 10.6 share home directories and disks by DEFAULT. The disks are shared for Administrative User account. But many Mac users use such accounts as default, right? ;)
That is why is a good idea to little adjust the smb system and disable such shares. Unfortunately there is no way to do it via graphical interface GUI and we will use console to do this. As one my pal says we will 'hack' it. Other words we will 'hack' own computer and won't allow to 'hack' our system by others ;) The method described here was tested on Mac OS 10.6.2 with Windows 7 system.
I won't describe how to share files via sharing utility in Mac OS. Many info about in the internet. So, I think you know what are you doing. :)
The two ways exist for you:
- Use the `guest' account
- Use the user account with user login and password
First you need to create directory and share it via sharing utility or use 'Shared' folder in your /Users directory. This magic folder is accessible for any users on your system.
Second - delete the other shares in the list.
Third - chose in Options button the smb protocol and users you allow to login. If you chose no one - only guest will be allowed and should be enabled in your accounts.
The last step is to hack the /etc/smb.conf file
It looks little strange for Linux guys, but we need bottom side of this - go to last line. Not recommended to change anything in this file, we can add our options below this line:
; END required configuration.
Add this block there:; Hack to disable virtual homes
[homes]
path = /dev/null
valid users = root
; Hack to disable admin shared volumes
[global]
com.apple: show admin all volumes = no
; END hack
[homes]
path = /dev/null
valid users = root
; Hack to disable admin shared volumes
[global]
com.apple: show admin all volumes = no
; END hack
After this reboot computer or Relaunch the Finder.
Your Windows 7 user after login will see only folder you share. Happy sharing ... ;)
∗NOTE: You must be a root to edit smb.conf file by Nano or something you prefer.
No comments:
Post a Comment