Read and write list ordering

Justin Maggard jmaggard10 at gmail.com
Thu Jul 21 18:16:29 UTC 2016


On Thu, Jul 21, 2016 at 1:52 AM, Uri Simchoni <uri at samba.org> wrote:
> On 07/20/2016 10:59 PM, Justin Maggard wrote:
>> On Sun, Jul 17, 2016 at 04:00:15PM +0200, Volker Lendecke wrote:
>>> On Sat, Jul 16, 2016 at 03:42:54PM -0700, Jeremy Allison wrote:
>>>> Can we make such a change in a new major release ? i.e. would
>>>> such a patch be acceptable in a 4.5.0 release - so long as it
>>>> is fully documented in the release notes ?
>>>
>>> No from my point of view. We need a fresh set of options for this.
>>> This behaviour has been in Samba for so long, I've even put this into
>>> a book I've written long ago. God knows how many setups we're going to
>>> break.
>>
>> I'll live with whatever the final verdict is.  I just want to first
>> make sure that everyone is clear on what we'd actually be breaking
>> though.  There is exactly one case that would change behavior with my
>> patch.  That one case consists of a user populating "read list" with
>> individual user accounts, then summarily overriding those entries by
>> adding a group entry for a group that encompasses those users to
>> "write list".  It's hard for me to imagine anyone doing that
>> intentionally.  It seems more likely to me that there are many users
>> out there with configurations that are less restrictive than they
>> expect (which is, in fact, where the motivation for my patch came
>> from).
>>
>> If we stick with the status quo, could we at least make the
>> documentation more explicit about this peculiarity?
>>
>> -Justin
>>
> I read the following under "write list" in smb.conf.5:
>
> """
> Note that if a user is in both the read list and the write list then
> they will be given write access.
> """
>

Right.  That makes sense to somebody like you or me, who understands
how the list gets evaluated.  But many normal users think of "users"
and "groups" as different classes of accounts.  So when the man page
says "... if a user is in both ...", they may not infer that groups
count just as much as users.  I've worked with two such Samba users
who were confused by that (even after sharing that exact sentence with
them) just within the last month.

-Justin
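
The one case described in this message (individual users in "read list", a group that contains them in "write list"), as an added audit sketch that is not part of the thread or of Samba's code. The share names, accounts and group membership are constructed, and list splitting is simplified to commas and whitespace.

```python
import configparser

# Constructed sample smb.conf fragment (not taken from the thread).
SAMPLE_CONF = """
[projects]
read list = alice, bob
write list = @staff

[archive]
read list = carol
write list = dave
"""

# Constructed group membership; on a real host this would come from NSS.
SAMPLE_GROUPS = {"staff": {"alice", "bob", "erin"}}

# smb.conf user lists mark group entries with one of these prefixes.
GROUP_PREFIXES = ("@", "+", "&")


def split_list(value):
    """Split a list value on commas and whitespace (simplified: no quoting)."""
    return value.replace(",", " ").split()


def expand(entries, groups):
    """Return every user name covered by the entries, expanding groups."""
    users = set()
    for entry in entries:
        if entry.startswith(GROUP_PREFIXES):
            users |= groups.get(entry.lstrip("@+&"), set())
        else:
            users.add(entry)
    return users


def overridden_readers(conf_text, groups):
    """Map each share to the users named individually in 'read list' who
    still get write access because 'write list' covers them."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    findings = {}
    for share in parser.sections():
        readers = split_list(parser.get(share, "read list", fallback=""))
        writers = split_list(parser.get(share, "write list", fallback=""))
        named = {r for r in readers if not r.startswith(GROUP_PREFIXES)}
        hit = named & expand(writers, groups)
        if hit:
            findings[share] = sorted(hit)
    return findings
```

Any share it reports has "read list" entries that do not restrict anything, which is the less-restrictive-than-expected configuration discussed above.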


