Admin equiv creates root owned files

Andrew Tridgell tridge at samba.anu.edu.au
Fri May 29 14:50:17 GMT 1998


> I just noticed this and am questioning the security implications.  I have
> the following in smb.conf
> 
>    admin users = twinders
>    domain admin users = twinders
> 
> When I login to Win95/WinNT with the twinders username and correct
> password, any files created on the Samba server are owned root and group
> system.  This is under Digital Unix 4.0D and CVS HEAD from 5/24.  Can
> anyone explain why these files should be root owned instead of user owned?

this is explained in the smb.conf man page. 

It is tempting to remove this option completely as so many people seem
to just assume it works like the NT equivalent does. It really isn't a
very useful option. Jeremy, what do you think? remove it?

-----
.SS admin users (S)

This is a list of users who will be granted administrative privileges
on the share. This means that they will do all file operations as the
super-user (root).

You should use this option very carefully, as any user in this list
will be able to do anything they like on the share, irrespective of
file permissions.



More information about the samba-ntdom mailing list