[ar1550]

I got my 17" Powerbook today. Airport express connected to my wlan, cool, Internet access. Then I turned on Windows File Sharing so I could try streaming some MP3s. Oops, turns out that file sharing lets my PC see the Mac, not the other way around. That's fine, because I want to have access from my PC to shared folders on the Powerbook. Well, it turns out that my PC has read/write access to the *entire* home directory of my user account (also the administrator) on the Powerbook. Obviously I'm not too thrilled that just by enabling file sharing, I've invited anyone on the same network as me to hax0r all my files! I looked at the permision for my /Users/$USERNAME folder and set "everyone" to no access instead of read only, but that did squat...obviously I don't want to change my own permissions to non read-write. Any ideas? Apple.com/support didn't seem to have anything relevant.

[Ganesha]

This is normal behavior for Windows File Sharing. (read/write access with proper credentials)

If you want it to do something else, try editing:

/private/etc/smb.conf

to include the settings you desire.

you can 'man smb.conf' for help, but sites on the internet are better written.

Shutdown/restart of windows file sharing is require for new settings to take effect.

[ar1550]

That's normal behavior? How incredibly insecure. I guess I didn't specifically mention that the Windows PC has full read/write access to the PB user's home folder, and it NEVER prompted for a username or pass.
Good thing I can get myself around smb.conf

[NeilCharter]

Dude,

Can't you limit access to your public folder. Put your files there and let your pals connect as guests.

Under UNIX, if you connect to a computer using an account name and password you will always have access to the whole user directory.

[ar1550]

OK, I figured it out. On my PC, the username is exactly the same that I used for the username on the PB. If I change my username on the PB, then it prompts the Windows PC for a password. It must be seeing that the other machine is logged in as "FullUserName" and assuming that since it is already logged in under that username that it can use the same permissions that this user has locally on the PB. Somewhat annoying as I like to use my full name as the user name on all my systems, and it seems like a pretty big security flaw (someone sees your machine logged out, at the list of usernames, then creates an account on their machine with the same name as your account, and BAM steals *all* your user data). I'll have to experiment to see if this is a just a one-off weirdness or a bona fide flaw.
It works as long as the usernames match, the passwords do NOT have to be the same (though I did have the same username/pass on both originally, changing the password only has no effect).

[NeilCharter]

Nope, that's wrong.

By connecting to a machine with an account username and password, the machine gives you full access to that user directory (or more if you are admin).

Here's a useful trick - never give out your account information to anyone.

If you want to share files then use the public folder. However I assume guest access is open to anyone.

If you want to limit access then create a new account and share your files using the Shared folder (~Users/Shared). That can be used by anyone who has the right to connect to the machine.

Remember UNIX is very powerful, but can be dangerous if you let anyone gain access to your mac.

[Tsilou B.]

Originally posted by ar1550:
It works as long as the usernames match, the passwords do NOT have to be the same (though I did have the same username/pass on both originally, changing the password only has no effect).

No, that's definitely not true. If you don't send the username/password you use on your Mac to the Mac, you will NOT get access to the files. It's correct that Windows tries to log in with the username/password you use on your Windows PC first. That's why you were able to see all the files without having to enter username/password first.

If you now changed the password on your PC and it can still access all your files on your Powerbook, then that's because Windows has saved the login information for the Powerbook share and still uses the old password. It's certainly not true that anyone who knows just your username can access the files. To check that, just change the password on your Powerbook to something you have never used on the PC and you will see that the PC will no longer be able to access the files on the Powerbook.