Admin equiv creates root owned files

Tim Winders twinders at SPC.cc.tx.us
Fri May 29 15:48:33 GMT 1998


On Fri, 29 May 1998, Luke Kenneth Casson Leighton wrote:

> On Sat, 30 May 1998, Tim Winders wrote:
> 
> > On Sat, 30 May 1998, Andrew Tridgell wrote:
> > 
> > > > I just noticed this and am questioning the security implications.  I have
> > > > the following in smb.conf
> > > > 
> > > >    admin users = twinders
> > > >    domain admin users = twinders
> > > > 
> > > > When I log in to Win95/WinNT with the twinders username and correct
> > > > password, any files created on the Samba server are owned root and group
> > > > system.  This is under Digital Unix 4.0D and CVS HEAD from 5/24.  Can
> > > > anyone explain why these files should be root owned instead of user owned?
> > > 
> > > this is explained in the smb.conf man page. 
> > > 
> > > It is tempting to remove this option completely as so many people seem
> > > to just assume it works like the NT equivalent does. It really isn't a
> > > very useful option. Jeremy, what do you think? remove it?
> > > 
> > > -----
> > > .SS admin users (S)
> > > 
> > > This is a list of users who will be granted administrative privileges
> > > on the share. This means that they will do all file operations as the
> > > super-user (root).
> > > 
> > > You should use this option very carefully, as any user in this list
> > > will be able to do anything they like on the share, irrespective of
> > > file permissions.
> > 
> > I read this, but disagree with how it should work.  Is the ONLY thing it
> > does is FILE permissions?  Are there other "domain" things that might pop
> > up in the future? 
> 
> none.
> 

So, unless you WANT root file priv there is *NO* reason to use these
options, right?

=== Tim

---------------------------------------------------------------------
|  Tim Winders, CNE, MCSE        |  Email:  TWinders at SPC.cc.tx.us   |
|  Network Administrator         |  Phone:  806-894-9611 x 2369     |
|  South Plains College          |  Fax:    806-897-4711            |
---------------------------------------------------------------------
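
An added example, not part of the original thread or of Samba's own code: a small Python audit that lists which shares in an smb.conf give users root-level file access through `admin users`, treating a `[global]` setting as the default for every share. The sample configuration is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample configuration (not taken from the thread's server).
SAMPLE = """
[global]
   Admin Users = twinders
[homes]
   read only = no
[public]
   ; an empty value overrides the [global] default for this share
   admin users =
[tools]
   admin users = twinders, @wheel
"""

def parse_smb_conf(text):
    """Return {section: {normalized_param: value}} for smb.conf-style text."""
    sections, current = {}, None
    # Join continuation lines (trailing backslash) before parsing.
    text = re.sub(r"\\\r?\n\s*", " ", text)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            # Parameter names are matched ignoring case and whitespace.
            key = re.sub(r"\s+", "", name).lower()
            sections[current][key] = value.strip()
    return sections

def root_equivalent_users(text):
    """Map each share to the users whose file operations run as root on it."""
    sections = parse_smb_conf(text)
    defaults = sections.get("global", {})
    report = {}
    for share, params in sections.items():
        if share == "global":
            continue
        effective = {**defaults, **params}  # share value wins over [global]
        users = set(re.split(r"[,\s]+", effective.get("adminusers", "")))
        users.discard("")
        if users:
            report[share] = sorted(users)
    return report

if __name__ == "__main__":
    for share, users in root_equivalent_users(SAMPLE).items():
        print(f"[{share}] root-equivalent: {', '.join(users)}")
```
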