Alex de Vaal
2004-May-19 11:35 UTC
write list bug reports [was Re: [Samba] OTHER BUG IN SAMBA 3.0.4?! FORCE USE
> On Tue, May 18, 2004 at 05:20:59PM +0200, Alex de Vaal wrote: > >> [print$] >> comment = Printer Driver Download Area >> path = /etc/samba/drivers >> write list = root, '@TEST.COM\Domain Admins', >> @TEST.COM\DEP_ADMIN_GERMANY >> force user = root >> guest ok = Yes> On a related note, what's the point of having every user connected as > root and also use a write list, specially for other users besides root? > What is the expected behaviour here? Wouldn't it be best to use "valid > users" instead of the write list? I'm a little confused about this scenario.> What takes precedence, force user or write list?The print$ share is in my case a "read only" share, that can be accessed by anybody (guest ok = Yes). Normally any user doesn't have write access to a "read only" share, but with "write list" you can define which users or groups can have write access here. Normally this is sufficient. My Samba server is however a real domain member of a native W2k3 ADS and no real linux users exist on my Linux server (except the default, root and my backdoor root). That means that only ADS users or groups have access to my Samba shares. Because we have multiple country delegated admins (member of 'Domain Admins') they can all upload printer drivers. The reason that I use "force user = root" is that the uploaded printer drivers will be owned by the linux user root (uid=0 and gid=0) and not any Windows domain admin. If you want to use "valid users" on your share then you have to define the users or groups that can have access to your share. In case of a printer driver download area I don't want to define users, just anybody is allowed to download them (less administration). So, it just a matter of the choice you make. On the choice you make you have to use the "cause and effect" principle... :) Regards, Alex.
Seemingly Similar Threads
- write list bug reports [was Re: OTHER BUG IN SAMBA 3.0.4?! FORCE USE
- PANIC: internal error; winbind daemon (3.0.4) crashes
- "user 'root' does not exist" in winbindd.log after upgrade from 3.0.2a to 3.0.3
- ADS server fallback
- 3.0.7; "string overflow by 1 (32 - 31) in safe_strcpy"