Mihail S. Dorofeev
2002-Nov-13 03:49 UTC
[Samba] [Samba 2.2.6] share permissions override Unix rights?
Hi All!

I have Samba 2.2.6 installed on Solaris 8 SPARC. Samba is authenticating
users against LDAP (Netscape Directory Server 4.12).

One of my directories has rights as following (using synonyms):

    d rwx r-x ---   owner : growner   VOL5

I have another user USER1 whose primary group membership is GROUP1,
supplementary group membership GROWNER.

My Samba config follows:

    [VOL5]
        path = /export/home/VOL5
        valid users = +GROWNER
        admin users = USER1
        read only = No

The user USER1 ___CAN___ write to VOL5 share! although it actually DOES NOT
have UNIX rights to do this!!!!
All other users who are members of GROWNER ___CAN NOT____ write to VOL5.

Regarding this there are two questions:

1. Once Samba has authenticated a user successfully DOES it then check Unix
   user permissions? (I assume - YES)
1a. Then WHY does it allow the user USER1 to write to VOL5? Does ___ADMIN
   USER___ privilege override normal Unix permissions???
2. WHY members of GROWNER can NOT write to VOL5 though we have
   ___read only = No___ option set...

Thanks in advance!
Andrew Bartlett
2002-Nov-13 04:30 UTC
[Samba] [Samba 2.2.6] share permissions override Unix rights?
On Wed, 2002-11-13 at 14:48, Mihail S. Dorofeev wrote:
> Hi All!
> I have Samba 2.2.6 installed on Solaris 8 SPARC. Samba is authenticating
> users against LDAP (Netscape Directory Server 4.12)
>
> One of my directories has rights as following (using synonyms):
>
> d rwx r-x --- owner : growner VOL5
>
> I have another user USER1 whose primary group membership is GROUP1,
> supplementary group membership GROWNER.
>
> My Samba config follows:
>
> [VOL5]
> path = /export/home/VOL5
> valid users = +GROWNER
> admin users = USER1
> read only = No
>
> The user USER1 ___CAN___ write to VOL5 share! although it actually DOES NOT
> have UNIX rights to do this!!!!
> All other users who are members of GROWNER ___CAN NOT____ write to VOL5.
>
> Regarding this there are two questions:
>
> 1. Once Samba has authenticated a user successfully DOES it then check Unix
> user permissions ? (I assume - YES)
> 1a. Then WHY does it allow the user USER1 to write to VOL5 ? Does ___ADMIN
> USER___ privilege override normal Unix permissions ???

Yes. As per the documentation, 'admin users' makes a user root. I think
this is even in the FAQ now.

Andrew Bartlett

--
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
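
Added example (not part of the original thread and not Samba project code): a small audit script that lists every share where 'admin users' is in effect, since those users bypass Unix permissions as described in the reply above. The sample configuration is constructed from the [VOL5] share in the question plus a hypothetical [PUBLIC] share; the function names are this example's own.

```python
import re

# Constructed sample: the [VOL5] share from the thread plus a hypothetical
# [PUBLIC] share that does not set 'admin users'.
SAMPLE_CONF = """\
[VOL5]
   path = /export/home/VOL5
   valid users = +GROWNER
   Admin Users = USER1
   read only = No

[PUBLIC]
   path = /export/home/PUBLIC
   read only = Yes
"""

def norm(name):
    """smb.conf ignores case and whitespace in parameter names."""
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Return {section: {normalized_param: value}} for smb.conf-style text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)  # only the first '=' is significant
            sections[current][norm(key)] = value.strip()
    return sections

def shares_with_root_users(text):
    """List (share, users) pairs where 'admin users' gives root-level access."""
    conf = parse_smb_conf(text)
    # A share-level parameter set in [global] is the default for every share.
    glob = next((p for s, p in conf.items() if s.lower() == "global"), {})
    findings = []
    for share, params in conf.items():
        users = params.get("adminusers", glob.get("adminusers"))
        if share.lower() != "global" and users:
            findings.append((share, re.split(r"[,\s]+", users.strip())))
    return findings

if __name__ == "__main__":
    for share, users in shares_with_root_users(SAMPLE_CONF):
        print(f"[{share}] admin users = {users}: file operations run as root")
```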