Admin equiv creates root owned files
Tim Winders
twinders at SPC.cc.tx.us
Fri May 29 15:48:33 GMT 1998
On Fri, 29 May 1998, Luke Kenneth Casson Leighton wrote:
> On Sat, 30 May 1998, Tim Winders wrote:
>
> > On Sat, 30 May 1998, Andrew Tridgell wrote:
> >
> > > > I just noticed this and am questioning the security implications. I have
> > > > the following in smb.conf
> > > >
> > > > admin users = twinders
> > > > domain admin users = twinders
> > > >
> > > > When I login to Win95/WinNT with the twinders username and correct
> > > > password, any files created on the Samba server are owned root and group
> > > > system. This is under Digital Unix 4.0D and CVS HEAD from 5/24. Can
> > > > anyone explain why these files should be root owned instead of user owned?
> > >
> > > this is explained in the smb.conf man page.
> > >
> > > It is tempting to remove this option completely as so many people seem
> > > to just assume it works like the NT equivalent does. It really isn't a
> > > very useful option. Jeremy, what do you think? remove it?
> > >
> > > -----
> > > .SS admin users (S)
> > >
> > > This is a list of users who will be granted administrative privileges
> > > on the share. This means that they will do all file operations as the
> > > super-user (root).
> > >
> > > You should use this option very carefully, as any user in this list
> > > will be able to do anything they like on the share, irrespective of
> > > file permissions.
> >
> > I read this, but disagree with how it should work. Is the ONLY thing it
> > does is FILE permissions? Are there other "domain" things that might pop
> > up in the future?
>
> none.
>
So, unless you WANT root file priv there is *NO* reason to use these
options, right?
=== Tim
---------------------------------------------------------------------
| Tim Winders, CNE, MCSE | Email: TWinders at SPC.cc.tx.us |
| Network Administrator | Phone: 806-894-9611 x 2369 |
| South Plains College | Fax: 806-897-4711 |
---------------------------------------------------------------------
More information about the samba-ntdom
mailing list