[Samba] Re: 'add/change/delete share command'(s) in smb.conf

Igor Belyi sambauser at katehok.ac93.org
Sat Oct 16 05:38:20 GMT 2004 

On a second thought... It doesn't matter if path is '/' or '/etc/samba' 
- if user has access to edit smb.conf directly he/she can create similar 
share with 'path = /' and 'force user = root' any time and have access 
to the whole computer. So, I agree - you'd better trust 'theusername' as 
if it were 'root'.

Igor

Igor Belyi wrote:

> Hm... Interesting idea... Since access is necessary only to smb.conf 
> than probably changing share's path to
> 'path = /etc/samba' could be a better alternative...
>
> But then again.. how 'add/change/delete share commands' will know that 
> this particular user has access to this [config] share even if path is 
> left as '/'? So, it probably won't work via those commands - user will 
> need to edit smb.conf by hand while accessing it via the [config] share.
>
> Igor
>
> David Rankin wrote:
>
>> This will work:
>>
>> [config]
>>        comment = Admin Share
>>        path = /
>>        valid users = theusername
>>        force user = root
>>        force group = theusergroup
>>        admin users = theusername
>>        writeable = Yes
>>
>> **** W A R N I N G **** whoever 'theusername' is will have complete 
>> access
>> to all files listed in or below the path directory (your entire box 
>> as shown
>> above). If you can limit the path to say /home or wherever the files of
>> concern are, you would be much better off.
>>
>> -- 
>> David C. Rankin, J.D., P.E.
>> Rankin * Bertin, PLLC
>> 510 Ochiltree Street
>> Nacogdoches, Texas 75961
>> (936) 715-9333
>> www.rankin-bertin.com
>> ----- Original Message ----- From: "Igor Belyi" 
>> <sambauser at katehok.ac93.org>
>> To: <samba at lists.samba.org>
>> Sent: Friday, October 15, 2004 11:17 PM
>> Subject: [Samba] Re: 'add/change/delete share command'(s) in smb.conf
>>
>>
>>  
>>
>>> webster at lexmark.com wrote:
>>>   
>>>
>>>> Hello.
>>>>
>>>> I need to allow one of my users to add & delete shares on my Samba
>>>>     
>>>
>> server
>>  
>>
>>>> through the 'server manager' applet on his client .
>>>>
>>>> This same user also writes some files to the same Samba server.
>>>> I don't want the files that he writes to be owned/written by 'root' .
>>>>
>>>> The way I understand the 'add share command' currently, this is not
>>>> possible.
>>>>
>>>> Am I missing something?
>>>>     
>>>
>>> I think you are right. User can not have more than 1 identity when
>>> connecting to Samba. If it's an Administrator everything will be done
>>> from the root account.
>>>
>>> Igor
>>>
>>> -- 
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  http://lists.samba.org/mailman/listinfo/samba
>>>   
>>
>>
>>
>>  
>>
>
>

More information about the samba mailing list