"write list" overrides "read only" but "admin users" does not

Andrew Bartlett abartlet at samba.org
Mon Nov 17 02:27:08 GMT 2008

On Sat, 2008-11-15 at 16:43 -0800, Steven Danneman wrote:
> I've noticed that in "security = user" (and probably ads) mode, that
> users added to the "write list" parameter override the "read only"
> parameter, and are allowed to write to that share.  This is documented
> in the smb.conf man page.
> However, users added to the "admin users" parameter do not override the
> "read only" parameter and cannot write to that share.  This seems
> semantically quite odd.  Admin users, who will be set to UID root,
> should be allowed the same or more access as writers.
> Yes, the admin could just add the user to both lists, but that's
> non-intuitive.
> Does anybody know if there's a specific reason for this behavior?  Will
> allowing "admin users" to override "read only" break anybody's workflow?
> I haven't delved deeply into all code paths, but I think changing this
> behavior may be as easy as:

I really don't like the idea of overriding the 'read only' thing.
Similarly, we generally recommend against the 'admin users' parameter.  

I don't think changing these semantics is a good idea.  It seems
entirely valid to have a share with root-only data that must not be
written to, but the administrator has chosen to make available to 'admin

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20081117/91b7b694/attachment.bin

More information about the samba-technical mailing list