Florian Effenberger
2004-Dec-23 18:02 UTC
[Samba] domain administrator is always mapped to root
Hello, I have found out that a domain administrator is always mapped to root in the UNIX filesystem: drwx------ 2 jive smbguests 1024 2004-12-23 18:59 jive drwx------ 13 salsa smbusers 1024 2004-12-23 18:58 salsa drwx------ 13 root smbadmins 1024 2004-12-23 18:56 tango jive is a domain guest user, salsa a domain user and tango a domain administrator. Is it possible to change the root ownership behaviour? Thanks Florian
Michael Lueck
2004-Dec-23 19:34 UTC
[Samba] Re: domain administrator is always mapped to root
Florian Effenberger wrote:> I have found out that a domain administrator is always mapped to root in > the UNIX filesystem:Yup, found that as well. It seems to be hard coded behavior in the Samba code. Even though it would make sense to never log in as root, you can not tell Samba root is an invalid user or you will not like the results. "Been there, Done that"... documented in the PDF as well. -- Michael Lueck Lueck Data Systems Remove the upper case letters NOSPAM to contact me directly.
Florian Effenberger wrote:> Hello, > > I have found out that a domain administrator is always mapped to root > in the UNIX filesystem: > > drwx------ 2 jive smbguests 1024 2004-12-23 18:59 jive > drwx------ 13 salsa smbusers 1024 2004-12-23 18:58 salsa > drwx------ 13 root smbadmins 1024 2004-12-23 18:56 tango > > jive is a domain guest user, salsa a domain user and tango a domain > administrator.Yes, if tango is listed as admin user in smb.conf.> > Is it possible to change the root ownership behaviour?Don't list Tango as admin user in smb.conf.> > Thanks > Florian
Florian Effenberger
2004-Dec-23 20:31 UTC
[Samba] Re: domain administrator is always mapped to root
Hi Michael,> Yup, found that as well. It seems to be hard coded behavior in the Samba > code. Even though it would make sense to never log in as root, you can > not tell Samba root is an invalid user or you will not like the results. > "Been there, Done that"... documented in the PDF as well.@Samba team: is this by intense or is this a bug? I find it is a problem when you switch from Domain Admin to Domain User, as the unix permissions are wrong then... :) Florian
Florian Effenberger
2004-Dec-24 10:35 UTC
[Samba] Re: domain administrator is always mapped to root
Hi Michael,> 2) Anyone who is a Samba Domain Admin will cause things in the log to > equate the user to being the root user. Just how Samba thinks about things.okay. Any chance to get that "fixed" by the Samba development team? :-) Florian
Thomas M. Skeren III
2004-Dec-24 10:54 UTC
[Samba] Re: domain administrator is always mapped to root
Florian Effenberger wrote:> Hi Michael, > >> 2) Anyone who is a Samba Domain Admin will cause things in the log to >> equate the user to being the root user. Just how Samba thinks about >> things. > > > okay. Any chance to get that "fixed" by the Samba development team? :-)Get what fixed? The OS is Unix. The administrator IS root. What is there to "fix"?> > Florian
Florian Effenberger
2004-Dec-24 10:59 UTC
[Samba] Re: domain administrator is always mapped to root
Hi,> Get what fixed? The OS is Unix. The administrator IS root. What is > there to "fix"?root is root (Unix admin, Domain admin). tango is tango (NOT an Unix admin, but Domain admin). Is there a technical necessity of mapping tango to root? Florian
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 | root is root (Unix admin, Domain admin). tango is tango (NOT an Unix | admin, but Domain admin). Is there a technical necessity of mapping | tango to root? I surmise that in order to properly emulate Windows behavior Samba must do some of these things that we *nix guys find pesky. I imagine that the only way around this behaviour would probably include coming up with a special PAM module and that may be outside the scope of the Samba project. Otherwise you are going to need to be able to do root things like change passwords, delete users and stuff. Jim C. - -- - ----------------------------------------------------------------- | I can be reached on the following Instant Messenger services: | |---------------------------------------------------------------| | MSN: j_c_llings @ hotmail.com AIM: WyteLi0n ICQ: 123291844 | |---------------------------------------------------------------| | Y!: j_c_llings Jabber: jcllings @ njs.netlab.cz | - ----------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBzF1v57L0B7uXm9oRAs9rAJwJU0hmDHOdqGtWoeSNZ2XXYdDKJQCfaKWe 4zO74GZ30AyIDHYEt3pKy38=4t7v -----END PGP SIGNATURE-----
Florian Effenberger
2004-Dec-25 09:50 UTC
[Samba] Re: domain administrator is always mapped to root
Hi Jim, okay, I guess I got the point. :-) Florian
Ryan Novosielski
2004-Dec-28 19:36 UTC
[Samba] Re: domain administrator is always mapped to root
domain admin and admin user are two different things. Look closely at the documentation. ---- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - User Support Spec. III |$&| |__| | | |__/ | \| _| | novosirj@umdnj.edu - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 On Fri, 24 Dec 2004, Jim C. wrote:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > | root is root (Unix admin, Domain admin). tango is tango (NOT an Unix > | admin, but Domain admin). Is there a technical necessity of mapping > | tango to root? > > I surmise that in order to properly emulate Windows behavior Samba must > do some of these things that we *nix guys find pesky. I imagine that the > only way around this behaviour would probably include coming up with a > special PAM module and that may be outside the scope of the Samba > project. Otherwise you are going to need to be able to do root things > like change passwords, delete users and stuff. > > > Jim C. > - -- > - ----------------------------------------------------------------- > | I can be reached on the following Instant Messenger services: | > |---------------------------------------------------------------| > | MSN: j_c_llings @ hotmail.com AIM: WyteLi0n ICQ: 123291844 | > |---------------------------------------------------------------| > | Y!: j_c_llings Jabber: jcllings @ njs.netlab.cz | > - ----------------------------------------------------------------- > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.4 (GNU/Linux) > Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org > > iD8DBQFBzF1v57L0B7uXm9oRAs9rAJwJU0hmDHOdqGtWoeSNZ2XXYdDKJQCfaKWe > 4zO74GZ30AyIDHYEt3pKy38> =4t7v > -----END PGP SIGNATURE----- > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba >
Gerald (Jerry) Carter
2005-Jan-05 18:22 UTC
[Samba] domain administrator is always mapped to root
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Florian Effenberger wrote: | Hello, | | I have found out that a domain administrator is always mapped to root in | the UNIX filesystem: | | drwx------ 2 jive smbguests 1024 2004-12-23 18:59 jive | drwx------ 13 salsa smbusers 1024 2004-12-23 18:58 salsa | drwx------ 13 root smbadmins 1024 2004-12-23 18:56 tango | | jive is a domain guest user, salsa a domain user and tango a domain | administrator. | | Is it possible to change the root ownership behaviour? sounds like you have an 'admin users' line in smb.conf. cheers, jerry - --------------------------------------------------------------------- Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "If we're adding to the noise, turn off this song"--Switchfoot (2003) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB3DBXIR7qMdg1EfYRApFVAJ9kFBxPZGBiDmMA4YTzljteOlz9fwCeLnuP vDa5Rvqih1Z1UlXloG75D5w=BnPe -----END PGP SIGNATURE-----