request to remove security=share

Christopher R. Hertel crh at ubiqx.mn.org
Sun Mar 12 17:50:19 GMT 2006


Volker Lendecke wrote:
 >
> Brainstorming... What two new share parameters:
> 
> "share read user" and "share write user".
 >
> In security=share, any share not having either of them is
> rejected access. The user named in the parameters is then
> treated as if it came from session setup. Not sure, but this
> might also work with winbind users.
> 
> Then we might remove all the guessing magic.

One thing I think you'll want to do is an implicit "force user" to force
the read-only user to "become" the read/write user once authentication is
complete.  The connection would still be read-only, but you won't have to
worry about the read-only user having permission to read files owned by
the read/write user.

The system admin may also add a "force user" to the share and that should, 
of course, be applied in any case once the authentication has completed.

Chris -)-----

-- 
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org


More information about the samba-technical mailing list