[Samba] Re: Problem with admin users
Jérôme Fenal
jerome.fenal at logicacmg.com
Tue Dec 16 09:11:52 GMT 2003
McKeever Chris wrote:
>
> On Mon, 15 Dec 2003 12:09 , Luiz Fernando Aguiar Leme <billy at tol.net.br> sent:
>
>
>>Hi all,
>>
>>on my smb.conf, contents the following lines:
>>
>>admin users = root claudio roberto
>>security = server
>>
>>when this users save or write files on shared folders, they saves with
>>root:wheels.
>>
>>How do i force this users to save your own user:group and not root:wheels???
>>
>>On the shared folders contents the following lines, for example:
>>
>>[publico]
>> comment = Diretorio publico
>> path = /usuarios/publico
>> public = yes
>> writable = yes
>> security mask = 770
>> create mask = 0770
>> force create mode = 770
>> force directory mode = 770
>> force security mode = 770
>> printable = no
>>
>>thanks!
>>
>
>
> not 100% your answer, but for shared folders, you can force the user and group that it is written as, in this case, force it to administrator and
> domain admins ...
>
> does the above scenario only happen with the admin-level users? so standard users save with thier username and default group?
Be careful with this one. When a user is present in the « admin users =
» clause, it is mapped to root (on the Unix side of Samba) whatever he
does. It was done to circumvent access control (and problems with group
mappings) to allow users to do administration tasks. The downside is
that their files are now owned by root... The worst problem with this is
that their profile is also partially owned by root (if they have one),
and when they are no more in the « admin users = » clause, they won't
be able to use their profile.
Regards,
Jérôme
--
Jérôme Fenal - Consultant Unix/SAN/Logiciel Libre
Groupe Expert & Managed Services - LogicaCMG France
http://www.logicacmg.com/fr/ - <mailto:jerome.fenal AT logicacmg.com>
More information about the samba
mailing list