[Samba] admin users' file is owned by root

Christian Barth barth at cck.uni-kl.de
Fri Jun 7 10:54:05 GMT 2002 

There is principel a difference between Windows and Unix:

On Windows you are a user with admin rights, On Unix you are admin. 
Unix root is admin and this with every thing he does: reading, 
writing files, running programms, ... Because of this the unix system 
is simple and clear, but some times some how limited. On windows the 
user has different rights, but remains the user. Sound's good, but 
have you ever tried to get an unprivilied user to run Excel-Makros on 
a NT4 TS? Or have been supriesed that some times a user with admin 
rights is not enough and you need to be Administrator?

Samba some how has to keep with this difference. So admin users are 
mapped to root. And how sould samba be able to distinguish if a file 
operation is done as user or as admin user, once the user is admin 
user? Some tricky heuristics? Like "If the user can do this, he does 
this as user, if not as admin user = root"?

The solution is the other way round: admin users is a per share 
parameter: Do not put it in homes, so your admins are useres in thier 
home. Put it in a share with path = /homes and your admins can access 
all files of all users as admins. Watch the rights on files they copy 
to other users. May be put admin users in [netlogon] and [printers], 
but at least in [netlogon] you can do a lot with file permissions.

Hope this helps,

Christian


> I can not get the idea that you are saying, I have two users in "admin
> users" group and both of them have thier own uid:gid and they are
> "not" root. Any files they created through samba share on window side
> (I did not test modification) in files ownership changed into root's,
> this does not make any sense to me. 
> 
> Remember the samba share I talk about is user's home. If a file in
> your home directory is owned by root, not you and it has no write
> permission for group or/and other. What you are going to do with it
> then?
> 
> Weixing Hao
> 
> 
> -----Original Message-----
> From: Nelson, John P. [mailto:john.nelson at teradyne.com]
> Sent: Friday, June 07, 2002 11:02 AM
> To: 'Weixing.Hao at frx.com'
> Subject: Re: [Samba] admin users' file is owned by root
> 
> 
> >I just found that if an user is assigned in the "admin users", and if
> >the user grab a file from window to samba share, the file will be
> >owned by root from unix view. I am believing this is a bug. 
> 
> Why do you think this is a bug?
> 
> If a user is in "admin users", that means that samba will perform all
> operations for that user using the account "root".  That's the
> DEFINITION of "admin users".
> 
> If a file created by a member of "admin users" was owned by anyone
> OTHER THAN "root", it would be a bug!
> 


               _(_)_                          wWWWw   _
   @@@@       (_)@(_)   vVVVv     _     @@@@  (___) _(_)_
  @@()@@ wWWWw  (_)\    (___)   _(_)_  @@()@@   Y  (_)@(_)
   @@@@  (___)     `|/    Y    (_)@(_)  @@@@   \|/   (_)\
    /      Y       \|    \|/    /(_)    \|      |/      |
 \ |     \ |/       | / \ | /  \|/       |/    \|      \|/
jgs|//   \\|///  \\\|//\\\|/// \|///  \\\|//  \\|//  \\\|// 
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

More information about the samba mailing list