[Samba] [Samba 2.2.6] share permissions override Unix rights?

Andrew Bartlett abartlet at samba.org
Wed Nov 13 04:30:01 GMT 2002


On Wed, 2002-11-13 at 14:48, Mihail S. Dorofeev wrote:
> Hi All!
> I have Samba 2.2.6 installed on Solaris 8 SPARC. Samba is authenticating
> users against LDAP (Netscape Directory Server 4.12)
> 
> One of my directories has rights as follows (using synonyms):
> 
> d rwx r-x ---  owner : growner    VOL5
> 
> I have another user USER1 whose primary group membership is GROUP1,
> supplementary group membership GROWNER.
> 
> My Samba config follows:
> 
> [VOL5]
>         path = /export/home/VOL5
>         valid users = +GROWNER
>         admin users = USER1
>         read only = No
> 
> The user USER1  ___CAN___ write to VOL5 share! although it actually DOES NOT
> have UNIX rights to do this!!!!
> All other users who are members of GROWNER ___CAN NOT____  write to VOL5.
> 
> Regarding this there are two questions:
> 
> 1. Once Samba has authenticated a user successfully DOES it then check Unix
> user permissions ? (I assume - YES)
> 1a.  Then WHY does it allow the user USER1 to write to VOL5 ? Does ___ADMIN
> USER___ privilege override normal Unix permissions ???

Yes.  As per the documentation, 'admin users' makes a user root.  I
think this is even in the FAQ now.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
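
The reply's point is that anyone listed in 'admin users' performs file operations on that share as root, so the directory's Unix mode bits no longer restrict them. The following audit sketch is an added example, not part of the original thread and not Samba code; it lists the root-equivalent principals per share. The function names, the [scratch] share and its entries are hypothetical, and it assumes a share-level parameter set in [global] acts as the default for every share.

```python
import re

# Constructed input: the [VOL5] share from the post plus a hypothetical
# [scratch] share that uses a group entry and a continued line.
SAMPLE_SMB_CONF = """\
[VOL5]
        path = /export/home/VOL5
        valid users = +GROWNER
        admin users = USER1
        read only = No

[scratch]
        path = /export/scratch
        Admin Users = @wheel, \\
                      backup
"""

def parse_smb_conf(text):
    """Return {lowercased_section: {normalized_param: value}}."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # a trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # smb.conf ignores case and whitespace in parameter names.
            current[re.sub(r"\s+", "", key).lower()] = value.strip()
    return sections

def root_equivalent(text):
    """Map each share to the principals 'admin users' runs as root.
    A leading @, + or & marks a group name rather than a single user."""
    sections = parse_smb_conf(text)
    default = sections.pop("global", {}).get("adminusers", "")
    report = {}
    for share, params in sections.items():
        entries = re.split(r"[,\s]+", params.get("adminusers", default))
        report[share] = [("group" if e[0] in "@+&" else "user", e.lstrip("@+&"))
                         for e in entries if e]
    return report
```

Any share with a non-empty result deserves review, since those principals bypass the filesystem permissions the share otherwise relies on.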