[Samba] [Samba 2.2.6] share permissions override Unix rigths?
Andrew Bartlett
abartlet at samba.org
Wed Nov 13 04:30:01 GMT 2002
On Wed, 2002-11-13 at 14:48, Mihail S. Dorofeev wrote:
> Hi All!
> I have Samba 2.2.6 installed on Solaris 8 SPARC. Samba is authenticating
> users against LDAP (Netscape Directory Server 4.12)
>
> One of my directories has rights as following (using synonyms):
>
> d rwx r-x --- owner : growner VOL5
>
> I have another user USER1 whose primary group membership is GROUP1,
> supplementary groupmembership GROWNER.
>
> My Samba config follows:
>
> [VOL5]
> path = /export/home/VOL5
> valid users = +GROWNER
> admin users = USER1
> read only = No
>
> The user USER1 ___CAN___ write to VOL5 share! although it actually DOES NOT
> have UNIX rights to do this!!!!
> All other users who are members of GROWNER ___CAN NOT____ write to VOL5.
>
> Regarding this there are two questions:
>
> 1. Once Samba has authenticated a user successfully DOES it then check Unix
> user permissions ? (I assume - YES)
> 1a. Then WHY does it allow the user USER1 to write to VOL5 ? Does ___ADMIN
> USER___ privilege override normal Unix permissions ???
Yes. As per the documentation, 'admin users' makes a user root. I
think this is even in the FAQ now.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20021113/158048ee/attachment.bin
More information about the samba
mailing list