Admin equiv creates root owned files
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Fri May 29 15:17:02 GMT 1998
On Sat, 30 May 1998, Tim Winders wrote:
> On Sat, 30 May 1998, Andrew Tridgell wrote:
> > > I just noticed this and am questioning the security implications. I have
> > > the following in smb.conf
> > >
> > > admin users = twinders
> > > domain admin users = twinders
> > >
> > > When I login to Win95/WinNT with the twinders username and correct
> > > password, any files created on the Samba server are owned root and group
> > > system. This is under Digital Unix 4.0D and CVS HEAD from 5/24. Can
> > > anyone explain why these files should be root owned instead of user owned?
> > this is explained in the smb.conf man page.
> > It is tempting to remove this option completely as so many people seem
> > to just assume it works like the NT equivalent does. It really isn't a
> > very useful option. Jeremy, what do you think? remove it?
> > -----
> > .SS admin users (S)
> > This is a list of users who will be granted administrative privileges
> > on the share. This means that they will do all file operations as the
> > super-user (root).
> > You should use this option very carefully, as any user in this list
> > will be able to do anything they like on the share, irrespective of
> > file permissions.
> I read this, but disagree with how it should work. Is the ONLY thing it
> does is FILE permissions? Are there other "domain" things that might pop
> up in the future?
More information about the samba-ntdom