Mabe bug in Force User given root permission to all files.

Robert Dahlem Robert.Dahlem at gmx.net
Tue Dec 12 08:20:37 GMT 2000 

[moved to samba mailing list]

On Tue, 12 Dec 2000 05:00:33 +0100 (CET), Przemek Sobieski wrote:

>I think I find some bug in samba.
>When i user option force user or force group and restart deamons 
>peoples who log in samba get root perrmision to all files.
>
>I'll give hie config of my system etc. :
> 
>All permisions work fine with this:
>[Poczta]
>   comment = Poczta
>   path = /shells/Poczta
>   read only = no
>   public = no
>   write list = @admins
>   writable = yes
>   printable = no
>   force directory mode = 771
>   force create mode = 771
>   valid users = @poczta 
>
>
>But when i Add force user and group:
>
>[Poczta]
>   comment = Poczta
>   path = /shells/Poczta
>   read only = no
>   public = no
>   write list = @admins
>   writable = yes

This should read "writeable".

>   printable = no
>   force directory mode = 771
>   force create mode = 771
>   force group = poczta
>   force user = szef
>   valid users = @poczta 
>
>Any user can browse "Poczta" ! any user can do enything with files.
>Get root access to them.

You configured "valid users = @poczta" and your /etc/group contains a 
line:

poczta:x:125:serwis1,serwis2,handel1,handel2,asystent1,asystent2,szef

Does anybody else have access to the share "poczta" who is not member 
of this group?

Why do you think they have root access?

In my eyes it does not make sense to configure "writeable = yes" and 
"write list = @admins". With "writeable = yes" everybody with access 
to the share has write access. "write list" is for adding some writers 
to an otherwise unwriteable share.

"read only"  is an inverted synonym for "writeable".

I don't find no group "admins" in your /etc/group. Who is member of 
this group?

Regards,
        Robert


-- 
---------------------------------------------------------------
Robert.Dahlem at gmx.net           Fax +49-69-432647
---------------------------------------------------------------

Sent using PMMail (http://www.pmmail2000.com) - fast, decent, email
software; far better than Outlook. Try it sometime.

More information about the samba mailing list