User Name
Password
AppleNova Forums » Apple Products »

Windows File Sharing works...a little too well


Register Members List Calendar Search FAQ Posting Guidelines
Windows File Sharing works...a little too well
Thread Tools
ar1550
New Member
 
Join Date: Feb 2005
 
2005-02-17, 23:24

I got my 17" Powerbook today. Airport express connected to my wlan, cool, Internet access. Then I turned on Windows File Sharing so I could try streaming some MP3s. Oops, turns out that file sharing lets my PC see the Mac, not the other way around. That's fine, because I want to have access from my PC to shared folders on the Powerbook. Well, it turns out that my PC has read/write access to the *entire* home directory of my user account (also the administrator) on the Powerbook. Obviously I'm not too thrilled that just by enabling file sharing, I've invited anyone on the same network as me to hax0r all my files! I looked at the permision for my /Users/$USERNAME folder and set "everyone" to no access instead of read only, but that did squat...obviously I don't want to change my own permissions to non read-write. Any ideas? Apple.com/support didn't seem to have anything relevant.
  quote
torifile
Less than Stellar Member
 
Join Date: May 2004
Location: Durham, NC
Send a message via AIM to torifile  
2005-02-17, 23:26

How did you connect to your Mac?
  quote
ar1550
New Member
 
Join Date: Feb 2005
 
2005-02-18, 00:21

On the PC, I went to Network Neighborhood, Workgroup computers, and my PB was listed as Mac OS X (Powerbook). Double clicked it, which then lists Printers & Faxes, and then my user's home directory. You can open the user home dir and get full read/write, it never prompted for a password.
  quote
alcimedes
I shot the sherrif.
 
Join Date: May 2004
Send a message via ICQ to alcimedes  
2005-02-18, 00:29

i've never seen it do that once and i've set up dozens of machines. did you happen to use the same username/pass combo on both machines?
  quote
ar1550
New Member
 
Join Date: Feb 2005
 
2005-02-18, 00:29

OK, I figured it out. On my PC, the username is exactly the same that I used for the username on the PB. If I change my username on the PB, then it prompts the Windows PC for a password. It must be seeing that the other machine is logged in as "FullUserName" and assuming that since it is already logged in under that username that it can use the same permissions that this user has locally on the PB. Somewhat annoying as I like to use my full name as the user name on all my systems, and it seems like a pretty big security flaw (someone sees your machine logged out, at the list of usernames, then creates an account on their machine with the same name as your account, and BAM steals *all* your user data). I'll have to experiment to see if this is a just a one-off weirdness or a bona fide flaw.
  quote
ar1550
New Member
 
Join Date: Feb 2005
 
2005-02-18, 00:31

For the record, I figured it out all by myself and was typing my post while you submitted yours
  quote
ar1550
New Member
 
Join Date: Feb 2005
 
2005-02-18, 00:34

It works as long as the usernames match, the passwords do NOT have to be the same (though I did have the same username/pass on both originally, changing the password only has no effect).
  quote
alcimedes
I shot the sherrif.
 
Join Date: May 2004
Send a message via ICQ to alcimedes  
2005-02-18, 00:46

if you change your admin password on the PB it shouldn't let you log in w/o entering a username/pass.
  quote
ar1550
New Member
 
Join Date: Feb 2005
 
2005-02-18, 00:55

I changed the username again and now it seems allow the PC to get in regardless of what username is on the PB. No password required.
I'm going to format and reinstall, I was just hoping that I could get all the basics up and running on the default install so that I know exactly how to set it up. I was planning on doing a clean install anyways to clear out languages, printer drivers, trialware I don't want, so hopefully it will just work after I reinstall.
  quote
alcimedes
I shot the sherrif.
 
Join Date: May 2004
Send a message via ICQ to alcimedes  
2005-02-18, 01:09

wait for FFL to post in here. he knows this crap a little better than i do, but if you changed the password on your Mac, it shouldn't allow the windows machine in.

try turning off filesharing after you change the password then turning it back on.

Google is your frenemy.
Caveat Emptor - Latin for tough titty
I tend to interpret things in the way that's most hilarious to me
  quote
staph
Microbial member
 
Join Date: May 2004
Send a message via AIM to staph  
2005-02-18, 01:30

BTW, if you want more fine-grained control of your windows (and Mac) filesharing, the Sharepoints utility may be for you.
  quote
FFL
Fishhead Family Reunited
 
Join Date: May 2004
Location: Slightly Off Center
 
2005-02-18, 04:10

Hmm.
I've been meaning to get a PC set up on the home network, just to play around with this cross-platform file sharing stuff. Thanks for the complimentalcimedes but you are probably more experienced than me in this area (hopefully you can help with a problem I'm about to post).

First thing I'd try is creating test users on both the Mac and PC and see if the problem duplicates itself or behaves any differently than it does currently.

Otherwise, I'm going to assume your clean install will kill the problem, regardless.
  quote
Gargoyle
http://ga.rgoyle.com
 
Join Date: May 2004
Location: In your dock hiding behind your finder icon!
 
2005-02-18, 05:01

You do know that you will have to reboot windows each time you change any security details, regardless if it is the password in the Mac or on the PC. At the time of the initial connection, windows decides what you are allowed to do, and stores this info in a "Security Token". This token is then used for all future communications.

OK, I have given up keeping this sig up to date. Lets just say I'm the guy that installs every latest version as soon as its available!
  quote
SonOfSylvanus
Fro Productions(tm)
 
Join Date: May 2004
Location: London Town
 
2005-02-18, 06:27

This is not a flaw or bug AFAICT

If from a Windows computer you connect to \\localhost\accountname, you will have entire accesss to "accountname's" Home Folder.





The last time I briefly allowed a Windows friend to connect to my Mac, he had access to my entire Home Folder after simply entering my Account Name. (Mac Help instructs you to give a Windows user your Account Name in this situation with little indication of the dangers of doing this, don't you think?)

I am very unhappy with Mac-Windows file-sharing.

bouncy bouncy
  quote
FFL
Fishhead Family Reunited
 
Join Date: May 2004
Location: Slightly Off Center
 
2005-02-18, 06:36

Quote:
Originally Posted by SonOfSylvanus
This is not a flaw or bug AFAICT

If from a Windows computer you connect to \\localhost\accountname, you will have entire accesss to "accountname's" Home Folder.
  quote
Brad
Selfish Heathen
 
Join Date: May 2004
Location: Zone of Pain
 
2005-02-18, 06:40

WOW.

Everybody go now (don't wait!) to this page and report your thoughts on this matter:

http://www.apple.com/macosx/feedback/
http://www.apple.com/macosx/feedback/
http://www.apple.com/macosx/feedback/

I wonder what lunkhead at Apple came up with that idea.

The quality of this board depends on the quality of the posts. The only way to guarantee thoughtful, informative discussion is to write thoughtful, informative posts. AppleNova is not a real-time chat forum. You have time to compose messages and edit them before and after posting.
  quote
HHogan
Member
 
Join Date: Aug 2004
Location: Southern Ontario
Send a message via AIM to HHogan  
2005-02-18, 06:43

And yet they don't enable the ability to see the various volumes on the system

You got to edit the smb file in order to gain access
  quote
staph
Microbial member
 
Join Date: May 2004
Send a message via AIM to staph  
2005-02-18, 08:04

Quote:
Originally Posted by HHogan
And yet they don't enable the ability to see the various volumes on the system

You got to edit the smb file in order to gain access
Or you could use the free Sharepoints utility I linked to above.
  quote
alcimedes
I shot the sherrif.
 
Join Date: May 2004
Send a message via ICQ to alcimedes  
2005-02-18, 10:39

If you're logging in with X username and password, of course you'll be able to see their directory.

If you want Windows users to be able to connect to your machines with limited access, you'll need to create an account with limited access, and give them access to that.

Whatever user you log in as will dictate the rights you have on that machine and you'll have access to whatever that user has access to.

Google is your frenemy.
Caveat Emptor - Latin for tough titty
I tend to interpret things in the way that's most hilarious to me
  quote
torifile
Less than Stellar Member
 
Join Date: May 2004
Location: Durham, NC
Send a message via AIM to torifile  
2005-02-18, 11:09

Quote:
Originally Posted by alcimedes
If you're logging in with X username and password, of course you'll be able to see their directory.

If you want Windows users to be able to connect to your machines with limited access, you'll need to create an account with limited access, and give them access to that.

Whatever user you log in as will dictate the rights you have on that machine and you'll have access to whatever that user has access to.
Thanks for pointing that out. I was thinking the same thing myself. I'd be pissed if I had to jump through hoops to get to my stuff when I logged in with the right credentials. But this issue of NOT having to put a password in is a problem...
  quote
ar1550
New Member
 
Join Date: Feb 2005
 
2005-02-18, 12:34

Thanks for the Sharepoints link, I will play with it when I get back from class.
I will definitely give Apple feedback about this, when you turn on something expecting it to "Just Work (TM)" it shouldn't leave you completely at the mercy of those on your LAN. And I expect editing Samba configurations is not what Apple intended its customers to have to do.
  quote
SonOfSylvanus
Fro Productions(tm)
 
Join Date: May 2004
Location: London Town
 
2005-02-18, 13:08

Quote:
Originally Posted by alcimedes
If you want Windows users to be able to connect to your machines with limited access, you'll need to create an account with limited access, and give them access to that.
Yeah, but does that work...?

Okay, this is a real world example: I have a 1GB ripped movie called "thismovie" in ~/Movies. I want to share this movie with my Windows laptop-using friend across our home network without any copying of the movie from one place to another.

How can I do this?

This should be simply enough, but it isn't... There is no way in System Preferences>Accounts to set up a new Account ("shared") that will provide access to my Home Folder's Movie Folder. For shared to see thismovie, I would have to move thismovie to ~/Public (in my Home Folder), which is just effing stupid.

Am I missing something?

bouncy bouncy
  quote
alcimedes
I shot the sherrif.
 
Join Date: May 2004
Send a message via ICQ to alcimedes  
2005-02-18, 15:06

Quote:
Originally Posted by SonOfSylvanus
Yeah, but does that work...?

Okay, this is a real world example: I have a 1GB ripped movie called "thismovie" in ~/Movies. I want to share this movie with my Windows laptop-using friend across our home network without any copying of the movie from one place to another.

How can I do this?

This should be simply enough, but it isn't... There is no way in System Preferences>Accounts to set up a new Account ("shared") that will provide access to my Home Folder's Movie Folder. For shared to see thismovie, I would have to move thismovie to ~/Public (in my Home Folder), which is just effing stupid.

Am I missing something?
My understanding, (which may be wrong) is that if they logged in as you, they'd have access to your home directory. If you just want to share that ONE directory, and nothing else, you're going to want to go the third party software route. The only other way I know of is to put it in Users/Shared/ or to create an account for that person, and stick it somewhere inside their Home directory.

Supposedly 10.4 is going to fix some of thie stupidity, at least on the server side of things (not sure about desktop version) but for now it's a bit stupid.

I suppose you could try changing the permissions on that folder to allow another user access under the "Get Info" option, but I haven't played around with that much.

At work, we just have a select folder that is shared, and nothing else. From a security standpoint, that's MUCH safer.

Google is your frenemy.
Caveat Emptor - Latin for tough titty
I tend to interpret things in the way that's most hilarious to me
  quote
SonOfSylvanus
Fro Productions(tm)
 
Join Date: May 2004
Location: London Town
 
2005-02-18, 17:05

Quote:
Originally Posted by alcimedes
If you just want to share that ONE directory, and nothing else, you're going to want to go the third party software route...
This is what I am thinking too.

SharePoints looks like a good place to start, as staph mentioned. See this OSXGuides article on "File Sharing Over a Network in OSX" for set-up help (as noted on the SharePoints d/l page).

P.S. The screenshots are from Mac OS 10.2.x for anyone who gets confused...

I'm trying SharePoints now...

bouncy bouncy
  quote
Posting Rules Navigation
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Post Reply

Forum Jump
Thread Tools
Similar Threads
Thread Thread Starter Forum Replies Last Post
Modifying hosts file...please help. SledgeHammer Genius Bar 21 2008-05-07 23:28
Windows XP Sharing mtinderholt General Discussion 4 2004-09-20 07:19
Airport Express->Netgear router file sharing issues thequicksilver Genius Bar 0 2004-08-20 07:48
Windows Printer Sharing dfj225 Genius Bar 2 2004-08-04 21:57
Sharing aliased files/drives on LAN with windows machines ZO Genius Bar 4 2004-07-10 16:46


« Previous Thread | Next Thread »

All times are GMT -5. The time now is 03:55.


Powered by vBulletin®
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004 - 2024, AppleNova