[Samba] Re: 'add/change/delete share command'(s) in smb.conf
Igor Belyi
sambauser at katehok.ac93.org
Sat Oct 16 05:38:20 GMT 2004
On a second thought... It doesn't matter if path is '/' or '/etc/samba'
- if user has access to edit smb.conf directly he/she can create similar
share with 'path = /' and 'force user = root' any time and have access
to the whole computer. So, I agree - you'd better trust 'theusername' as
if it were 'root'.
Igor
Igor Belyi wrote:
> Hm... Interesting idea... Since access is necessary only to smb.conf
> than probably changing share's path to
> 'path = /etc/samba' could be a better alternative...
>
> But then again.. how 'add/change/delete share commands' will know that
> this particular user has access to this [config] share even if path is
> left as '/'? So, it probably won't work via those commands - user will
> need to edit smb.conf by hand while accessing it via the [config] share.
>
> Igor
>
> David Rankin wrote:
>
>> This will work:
>>
>> [config]
>> comment = Admin Share
>> path = /
>> valid users = theusername
>> force user = root
>> force group = theusergroup
>> admin users = theusername
>> writeable = Yes
>>
>> **** W A R N I N G **** whoever 'theusername' is will have complete
>> access
>> to all files listed in or below the path directory (your entire box
>> as shown
>> above). If you can limit the path to say /home or wherever the files of
>> concern are, you would be much better off.
>>
>> --
>> David C. Rankin, J.D., P.E.
>> Rankin * Bertin, PLLC
>> 510 Ochiltree Street
>> Nacogdoches, Texas 75961
>> (936) 715-9333
>> www.rankin-bertin.com
>> ----- Original Message ----- From: "Igor Belyi"
>> <sambauser at katehok.ac93.org>
>> To: <samba at lists.samba.org>
>> Sent: Friday, October 15, 2004 11:17 PM
>> Subject: [Samba] Re: 'add/change/delete share command'(s) in smb.conf
>>
>>
>>
>>
>>> webster at lexmark.com wrote:
>>>
>>>
>>>> Hello.
>>>>
>>>> I need to allow one of my users to add & delete shares on my Samba
>>>>
>>>
>> server
>>
>>
>>>> through the 'server manager' applet on his client .
>>>>
>>>> This same user also writes some files to the same Samba server.
>>>> I don't want the files that he writes to be owned/written by 'root' .
>>>>
>>>> The way I understand the 'add share command' currently, this is not
>>>> possible.
>>>>
>>>> Am I missing something?
>>>>
>>>
>>> I think you are right. User can not have more than 1 identity when
>>> connecting to Samba. If it's an Administrator everything will be done
>>> from the root account.
>>>
>>> Igor
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: http://lists.samba.org/mailman/listinfo/samba
>>>
>>
>>
>>
>>
>>
>
>
More information about the samba
mailing list