"write list" overrides "read only" but "admin users" does not
Steven Danneman
steven.danneman at isilon.com
Sun Nov 16 00:43:07 GMT 2008
I've noticed that in "security = user" (and probably ads) mode, that
users added to the "write list" parameter override the "read only"
parameter, and are allowed to write to that share. This is documented
in the smb.conf man page.
However, users added to the "admin users" parameter do not override the
"read only" parameter and cannot write to that share. This seems
semantically quite odd. Admin users, who will be set to UID root,
should be allowed the same or more access as writers.
Yes, the admin could just add the user to both lists, but that's
non-intuitive.
Does anybody know if there's a specific reason for this behavior? Will
allowing "admin users" to override "read only" break anybody's workflow?
I haven't delved deeply into all code paths, but I think changing this
behavior may be as easy as:
diff --git a/source3/include/smb_macros.h b/source3/include/smb_macros.h
index d2e0aa9..a7740c0 100644
--- a/source3/include/smb_macros.h
+++ b/source3/include/smb_macros.h
@@ -93,7 +93,7 @@
/* access various service details */
#define SERVICE(snum) (lp_servicename(snum))
#define PRINTERNAME(snum) (lp_printername(snum))
-#define CAN_WRITE(conn) (!conn->read_only)
+#define CAN_WRITE(conn) (!conn->read_only || conn->admin_user)
#define VALID_SNUM(snum) (lp_snum_ok(snum))
#define GUEST_OK(snum) (VALID_SNUM(snum) && lp_guest_ok(snum))
#define GUEST_ONLY(snum) (VALID_SNUM(snum) && lp_guest_only(snum))
-Steven
More information about the samba-technical
mailing list