[Samba] Re: Problem with admin users

Jérôme Fenal jerome.fenal at logicacmg.com
Tue Dec 16 09:11:52 GMT 2003

McKeever Chris wrote:

> On Mon, 15 Dec 2003 12:09 , Luiz Fernando Aguiar Leme <billy at tol.net.br> sent:
>>Hi all,
>>on my smb.conf, contents the following lines:
>>admin users = root claudio roberto
>>security = server
>>when this users save  or write files on shared folders, they saves with
>>How do i force this users to save your own user:group and not root:wheels???
>>On the shared folders contents the following lines, for example:
>>  comment = Diretorio publico
>>  path = /usuarios/publico
>>  public = yes
>>  writable = yes
>>  security mask = 770
>>  create mask = 0770
>>  force create mode = 770
>>  force directory mode = 770
>>  force security mode = 770
>>  printable = no
> not 100% your answer, but for shared folders, you can force the user and group that it is written as, in this case, force it to administrator and 
> domain admins ...
> does the above scenario only happen with the admin-level users?  so standard users save with thier username and default group?

Be careful with this one. When a user is present in the « admin users = 
» clause, it is mapped to root (on the Unix side of Samba) whatever he 
does. It was done to circumvent access control (and problems with group 
mappings) to allow users to do administration tasks. The downside is 
that their files are now owned by root... The worst problem with this is 
that their profile is also partially owned by root (if they have one), 
and when they are no more in  the « admin users = » clause, they won't 
be able to use their profile.



Jérôme Fenal - Consultant Unix/SAN/Logiciel Libre
Groupe Expert & Managed Services - LogicaCMG France
http://www.logicacmg.com/fr/ - <mailto:jerome.fenal AT logicacmg.com>

More information about the samba mailing list