IPC User Problem (was Situational Deadlock)
Andrew Bartlett
abartlet at samba.org
Wed Jan 28 20:59:20 GMT 2004
On Thu, 2004-01-29 at 07:51, Esh, Andrew wrote:
> The "admin user" setting is not set in smb.conf. The "force group" setting is set globally to allow all users of all shares to belong to the same group. This allows some crossover functionality with NFS we needed to have. I suppose we could put "force group" in every share, but it would be a PITA.
>
> Why can't we allow "force group" in the case of IPC? (Other shares,
> sure, but IPC? IPC should be open to anyone, or nothing works.)
> Remember, this will affect anyone who calls WNetAddConnection2 to
> connect to a share from NT. Our use of that call could be idiosyncratic,
> but I doubt it.
The IPC$ share is special only in that it is the only share on a non
termainal-server setup that is used by multiple users as a matter of
course.
The problem is this: People who setup 'force group' and 'force user'
often set even more bizarre things in their smb.conf to get there. They
also *think* that Samba only has one user at a time, or that each user
will open the shares independently.
This means that people setup configs like this:
[share1]
include =/etc/smb.conf.%U
and put force user in that include file etc. Naturally, this breaks
really badly when the second user comes along.
I would suggest that most of the cases were people use 'force user' or
'force group' (in particular) can be solved by appropriate Unix file
permissions. If this were a unix user, you would be using tricks like
chmod g+s dir/
So why should Samba be any different?
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040129/307fb9b5/attachment.bin
More information about the samba-technical
mailing list