"write list" overrides "read only" but "admin users" does not
Andrew Bartlett
abartlet at samba.org
Mon Nov 17 02:27:08 GMT 2008
On Sat, 2008-11-15 at 16:43 -0800, Steven Danneman wrote:
> I've noticed that in "security = user" (and probably ads) mode, that
> users added to the "write list" parameter override the "read only"
> parameter, and are allowed to write to that share. This is documented
> in the smb.conf man page.
>
> However, users added to the "admin users" parameter do not override the
> "read only" parameter and cannot write to that share. This seems
> semantically quite odd. Admin users, who will be set to UID root,
> should be allowed the same or more access as writers.
>
> Yes, the admin could just add the user to both lists, but that's
> non-intuitive.
>
> Does anybody know if there's a specific reason for this behavior? Will
> allowing "admin users" to override "read only" break anybody's workflow?
>
> I haven't delved deeply into all code paths, but I think changing this
> behavior may be as easy as:
I really don't like the idea of overriding the 'read only' thing.
Similarly, we generally recommend against the 'admin users' parameter.
I don't think changing these semantics is a good idea. It seems
entirely valid to have a share with root-only data that must not be
written to, but the administrator has chosen to make available to 'admin
users'.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20081117/91b7b694/attachment.bin
More information about the samba-technical
mailing list