write list bug reports [was Re: [Samba] OTHER BUG IN SAMBA 3.0.4?!
Alex de Vaal
AVaal at nh-hotels.nl
Wed May 19 11:34:33 GMT 2004
> On Tue, May 18, 2004 at 05:20:59PM +0200, Alex de Vaal wrote:
>> comment = Printer Driver Download Area
>> path = /etc/samba/drivers
>> write list = root, '@TEST.COM\Domain Admins',
>> force user = root
>> guest ok = Yes
> On a related note, what's the point of having every user connected as
> root and also use a write list, specially for other users besides root?
> What is the expected behaviour here? Wouldn't it be best to use "valid
> users" instead of the write list? I'm a little confused about this scenario.
> What takes precedence, force user or write list?
The print$ share is in my case a "read only" share, that can be accessed by anybody
(guest ok = Yes). Normally any user doesn't have write access to a "read only" share,
but with "write list" you can define which users or groups can have write access here.
Normally this is sufficient.
My Samba server is however a real domain member of a native W2k3 ADS and no
real linux users exist on my Linux server (except the default, root and my backdoor
root). That means that only ADS users or groups have access to my Samba shares.
Because we have multiple country delegated admins (member of 'Domain Admins')
they can all upload printer drivers. The reason that I use "force user = root" is that the
uploaded printer drivers will be owned by the linux user root (uid=0 and gid=0) and
not any Windows domain admin.
If you want to use "valid users" on your share then you have to define the users or
groups that can have access to your share. In case of a printer driver download area
I don't want to define users, just anybody is allowed to download them (less
So, it just a matter of the choice you make. On the choice you make you have to use
the "cause and effect" principle... :)
More information about the samba