Robert Dahlem
2000-Dec-12 08:20 UTC
Mabe bug in Force User given root permission to all files.
[moved to samba mailing list] On Tue, 12 Dec 2000 05:00:33 +0100 (CET), Przemek Sobieski wrote:>I think I find some bug in samba. >When i user option force user or force group and restart deamons >peoples who log in samba get root perrmision to all files. > >I'll give hie config of my system etc. : > >All permisions work fine with this: >[Poczta] > comment = Poczta > path = /shells/Poczta > read only = no > public = no > write list = @admins > writable = yes > printable = no > force directory mode = 771 > force create mode = 771 > valid users = @poczta > > >But when i Add force user and group: > >[Poczta] > comment = Poczta > path = /shells/Poczta > read only = no > public = no > write list = @admins > writable = yesThis should read "writeable".> printable = no > force directory mode = 771 > force create mode = 771 > force group = poczta > force user = szef > valid users = @poczta > >Any user can browse "Poczta" ! any user can do enything with files. >Get root access to them.You configured "valid users = @poczta" and your /etc/group contains a line: poczta:x:125:serwis1,serwis2,handel1,handel2,asystent1,asystent2,szef Does anybody else have access to the share "poczta" who is not member of this group? Why do you think they have root access? In my eyes it does not make sense to configure "writeable = yes" and "write list = @admins". With "writeable = yes" everybody with access to the share has write access. "write list" is for adding some writers to an otherwise unwriteable share. "read only" is an inverted synonym for "writeable". I don't find no group "admins" in your /etc/group. Who is member of this group? Regards, Robert -- --------------------------------------------------------------- Robert.Dahlem@gmx.net Fax +49-69-432647 --------------------------------------------------------------- Sent using PMMail (http://www.pmmail2000.com) - fast, decent, email software; far better than Outlook. Try it sometime.