webster@lexmark.com
2004-Oct-11 22:55 UTC
[samba] 'add/change/delete share command'(s) in smb.conf
Hello.

I need to allow one of my users to add & delete shares on my Samba server through the 'server manager' applet on his client.

This same user also writes some files to the same Samba server. I don't want the files that he writes to be owned/written by 'root'.

The way I understand the 'add share command' currently, this is not possible.

Am I missing something?

Thanks.
Gary R. Webster
Igor Belyi
2004-Oct-16 04:18 UTC
[Samba] Re: 'add/change/delete share command'(s) in smb.conf
webster@lexmark.com wrote:
> Hello.
>
> I need to allow one of my users to add & delete shares on my Samba server
> through the 'server manager' applet on his client.
>
> This same user also writes some files to the same Samba server.
> I don't want the files that he writes to be owned/written by 'root'.
>
> The way I understand the 'add share command' currently, this is not
> possible.
>
> Am I missing something?

I think you are right. User can not have more than 1 identity when connecting to Samba. If it's an Administrator everything will be done from the root account.

Igor
Igor Belyi
2004-Oct-16 04:59 UTC
[Samba] Re: 'add/change/delete share command'(s) in smb.conf
Hm... Interesting idea... Since access is necessary only to smb.conf then probably changing share's path to 'path = /etc/samba' could be a better alternative...

But then again... how 'add/change/delete share commands' will know that this particular user has access to this [config] share even if path is left as '/'? So, it probably won't work via those commands - user will need to edit smb.conf by hand while accessing it via the [config] share.

Igor

David Rankin wrote:
> This will work:
>
> [config]
>     comment = Admin Share
>     path = /
>     valid users = theusername
>     force user = root
>     force group = theusergroup
>     admin users = theusername
>     writeable = Yes
>
> **** W A R N I N G **** whoever 'theusername' is will have complete access
> to all files listed in or below the path directory (your entire box as shown
> above). If you can limit the path to say /home or wherever the files of
> concern are, you would be much better off.
>
> --
> David C. Rankin, J.D., P.E.
> Rankin * Bertin, PLLC
> 510 Ochiltree Street
> Nacogdoches, Texas 75961
> (936) 715-9333
> www.rankin-bertin.com
> ----- Original Message -----
> From: "Igor Belyi" <sambauser@katehok.ac93.org>
> To: <samba@lists.samba.org>
> Sent: Friday, October 15, 2004 11:17 PM
> Subject: [Samba] Re: 'add/change/delete share command'(s) in smb.conf
>
>> webster@lexmark.com wrote:
>>
>>> Hello.
>>>
>>> I need to allow one of my users to add & delete shares on my Samba server
>>> through the 'server manager' applet on his client.
>>>
>>> This same user also writes some files to the same Samba server.
>>> I don't want the files that he writes to be owned/written by 'root'.
>>>
>>> The way I understand the 'add share command' currently, this is not
>>> possible.
>>>
>>> Am I missing something?
>>
>> I think you are right. User can not have more than 1 identity when
>> connecting to Samba. If it's an Administrator everything will be done
>> from the root account.
>>
>> Igor
webster@lexmark.com
2004-Oct-24 18:56 UTC
[Samba] Re: 'add/change/delete share command'(s) in smb.conf
Igor & David,

Thanks for the replies. However, what I think I'm reading is that there is no current solution for my problem, right?

As Igor states, how would the Windows GUI 'add/change/delete' (or even command-line 'rmtshare') commands (know to) use this [config] share?

I trust the 'user', that's not a problem. The problem is that I don't want them to always be 'root' on the Samba server, especially as they create most of the files. There are other processes which rely on these files being owned by this particular user, not 'root'.

Gary R. Webster

Igor Belyi <sambauser@katehok.ac93.org>
Sent by: samba-bounces+webster=lexmark.com@lists.samba.org
10/16/04 01:38 AM
To: David Rankin <drankin@cox-internet.com>
cc: samba@lists.samba.org
Subject: Re: [Samba] Re: 'add/change/delete share command'(s) in smb.conf

On a second thought... It doesn't matter if path is '/' or '/etc/samba' - if user has access to edit smb.conf directly he/she can create similar share with 'path = /' and 'force user = root' any time and have access to the whole computer. So, I agree - you'd better trust 'theusername' as if it were 'root'.

Igor

Igor Belyi wrote:
> Hm... Interesting idea... Since access is necessary only to smb.conf
> then probably changing share's path to
> 'path = /etc/samba' could be a better alternative...
>
> But then again... how 'add/change/delete share commands' will know that
> this particular user has access to this [config] share even if path is
> left as '/'? So, it probably won't work via those commands - user will
> need to edit smb.conf by hand while accessing it via the [config] share.
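Added example, not part of the original thread and not Samba code: a small Python audit of smb.conf text for the conditions the thread identifies as root-equivalent ('force user = root', 'admin users', and a writable share whose path covers smb.conf itself). The finding labels, the /etc/samba/smb.conf location and the [data] share are assumptions made for the illustration; backslash line continuations are not handled.

```python
import posixpath
TRUE = {"yes", "true", "1", "on"}  # spellings this example treats as boolean true

def parse_smb_conf(text):
    # Returns {share: {param: value}}; names lower-cased, internal spaces dropped.
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current["".join(key.split()).lower()] = value.strip()
    return shares

def is_writable(params):
    for key in ("writeable", "writable", "writeok"):
        if key in params:
            return params[key].lower() in TRUE
    return params.get("readonly", "yes").lower() not in TRUE  # default: read only

def covers(share_path, target):
    # True when target lies at or below the share's exported directory.
    root = posixpath.normpath(share_path)
    return root == "/" or target == root or target.startswith(root + "/")

def audit(text, conf_path="/etc/samba/smb.conf"):  # conf_path is an assumption
    findings = []
    for name, p in parse_smb_conf(text).items():
        if p.get("forceuser", "").lower() == "root":
            findings.append((name, "force-user-root"))    # every file op runs as root
        if p.get("adminusers"):
            findings.append((name, "admin-users"))        # listed users act as root
        if "path" in p and is_writable(p) and covers(p["path"], conf_path):
            findings.append((name, "smb-conf-writable"))  # can define new root shares
    return findings

SAMPLE = """# [config] is the share quoted in the thread; [data] is constructed
[config]
   comment = Admin Share
   path = /
   valid users = theusername
   force user = root
   force group = theusergroup
   admin users = theusername
   writeable = Yes
[data]
   path = /srv/data
   read only = no
"""
```

Calling `audit(SAMPLE)` reports all three findings for [config] and none for [data]; narrowing the [config] path to /home removes only the smb.conf finding, since files under that path are still handled as root.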