Dear Engineers,

I am a new Samba user. When a share gives a user one permission, it is OK. When a share gives a user a combination of permissions, the result is different from what I expected.

In the Linux user system, a user can belong to multiple groups. For example, the user (uf) belongs to multiple groups (g_full and g_read):

    [root at node-107-174 /]# id 1017
    uid=1017(uf) gid=1017(g_full) groups=1017(g_full),1018(g_read)

My Samba config file content:

    [global]
    workgroup = SAMBA
    security = user
    passdb backend = tdbsam

    [dsf]
    path = /dsf
    read list = @g_read
    valid users = @g_full @g_read
    admin users = @g_full

According to https://www.samba.org/samba/docs/using_samba/ch09.html:

1. The user uf is in groups g_read and g_full, which means it has read-only and root permission. I think the user uf will have root permission, but actually the user uf only has read-only permission and cannot write. In a word, when the user is in read list and admin users, the user only has read-only permission. [I think the user will have root permission, but something is different]

   In my thought, the permission conflict priority is:

       invalid users > admin users > write list > read lists

   But this situation is not OK.

2. Another situation: when the user is in read list, write list, and admin users, the user has root permission. [This situation is OK]

Auxiliary information:

    [root at node-107-174 /]# uname -a
    Linux node-107-174 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
    [root at node-107-174 /]# rpm -qa | grep samba
    samba-client-libs-4.5.1-1.el7.centos.x86_64
    samba-common-tools-4.5.1-1.el7.centos.x86_64
    samba-common-4.5.1-1.el7.centos.noarch
    samba-libs-4.5.1-1.el7.centos.x86_64
    samba-4.5.1-1.el7.centos.x86_64
    samba-common-libs-4.5.1-1.el7.centos.x86_64

I look forward to your reply. Thank you very much.
Fay zhang
2017-Apr-06 20:34 UTC
[Samba] Samba Permission Combination Conflict And Priority
Check your dictionary permission please
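
Added example, not part of the original thread and not Samba's own code: a small Python model of the share-access rules documented in smb.conf(5), run against the [dsf] share from the question. The function and variable names are hypothetical, and the handling of admin users follows the behaviour reported in the question (root identity, no change to read-only).

```python
# Model of the documented smb.conf(5) share-access rules; not Samba source code.
# Simplification (assumption): only plain names and @group entries are handled.

def in_list(user, groups, names):
    """True if the user, or one of the user's groups (written @group), is listed."""
    return any(n == user or (n.startswith("@") and n[1:] in groups) for n in names)

def effective_access(share, user, groups):
    """Return (may_connect, writable, acts_as_root) for one share definition."""
    get = lambda key: share.get(key, "").split()
    # invalid users wins over valid users; an empty valid users list admits everyone.
    if in_list(user, groups, get("invalid users")):
        return (False, False, False)
    valid = get("valid users")
    if valid and not in_list(user, groups, valid):
        return (False, False, False)
    # "read only" defaults to yes, so a share is read-only unless told otherwise.
    read_only = share.get("read only", "yes").lower() not in ("no", "false", "0")
    if in_list(user, groups, get("read list")):
        read_only = True    # read list forces read-only access
    if in_list(user, groups, get("write list")):
        read_only = False   # write list is applied last, so it wins over read list
    # admin users only changes the identity used for file operations (root);
    # as observed in the question, it does not lift the read-only restriction.
    return (True, not read_only, in_list(user, groups, get("admin users")))

# Constructed from the [dsf] share and the `id` output in the question.
UF_GROUPS = {"g_full", "g_read"}
DSF = {"path": "/dsf", "read list": "@g_read",
       "valid users": "@g_full @g_read", "admin users": "@g_full"}
# Situation 2 from the question: the same user is also in write list.
DSF_WITH_WRITE = {**DSF, "write list": "@g_full"}

if __name__ == "__main__":
    for name, share in (("situation 1", DSF), ("situation 2", DSF_WITH_WRITE)):
        print(name, effective_access(share, "uf", UF_GROUPS))
```

In this model, placing a group in admin users does not by itself grant write access; the share also needs `read only = no` or a matching write list entry, which is the difference between the two situations in the question.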