[Samba] Re: 'add/change/delete share command'(s) in smb.conf
Igor Belyi
sambauser at katehok.ac93.org
Mon Oct 25 16:34:08 GMT 2004
What David meant is that you can achieve this by making user to run
scripts adding/removing share from a command line instead of using
srvmgr.exe or 'net share add/delete'. When those scripts will run on a
share which forces access to be root they will update smb.conf as a
root. Other shares will be accessed from a normal user identity.
Igor
webster at lexmark.com wrote:
>Igor & David,
>
>Thanks for the replies.
>However, what I think I'm reading is that there is no current solution for
>my problem, right?
>
>As Igor states, how would the Windows GUI 'add/change/delete'(or even
>command-line 'rmtshare') commands (know to) use this [config] share?
>
>I trust the 'user' , that's not a problem.
>The problem is that I don't want them to always be 'root' on the Samba
>server, especially as they create most of the files.
>There are other processes which rely on these files being owned by this
>particular user, not 'root' .
>
>
>Gary R. Webster
>
>
>
>
>Igor Belyi <sambauser at katehok.ac93.org>
>Sent by: samba-bounces+webster=lexmark.com at lists.samba.org
>10/16/04 01:38 AM
>
>
> To: David Rankin <drankin at cox-internet.com>
> cc: samba at lists.samba.org
> Subject: Re: [Samba] Re: 'add/change/delete share command'(s) in smb.conf
>
>On a second thought... It doesn't matter if path is '/' or '/etc/samba'
>- if user has access to edit smb.conf directly he/she can create similar
>share with 'path = /' and 'force user = root' any time and have access
>to the whole computer. So, I agree - you'd better trust 'theusername' as
>if it were 'root'.
>
>Igor
>
>Igor Belyi wrote:
>
>
>
>>Hm... Interesting idea... Since access is necessary only to smb.conf
>>than probably changing share's path to
>>'path = /etc/samba' could be a better alternative...
>>
>>But then again.. how 'add/change/delete share commands' will know that
>>this particular user has access to this [config] share even if path is
>>left as '/'? So, it probably won't work via those commands - user will
>>need to edit smb.conf by hand while accessing it via the [config] share.
>>
>>Igor
>>
>>David Rankin wrote:
>>
>>
>>
>>>This will work:
>>>
>>>[config]
>>> comment = Admin Share
>>> path = /
>>> valid users = theusername
>>> force user = root
>>> force group = theusergroup
>>> admin users = theusername
>>> writeable = Yes
>>>
>>>**** W A R N I N G **** whoever 'theusername' is will have complete
>>>access
>>>to all files listed in or below the path directory (your entire box
>>>as shown
>>>above). If you can limit the path to say /home or wherever the files of
>>>concern are, you would be much better off.
>>>
>>>--
>>>David C. Rankin, J.D., P.E.
>>>Rankin * Bertin, PLLC
>>>510 Ochiltree Street
>>>Nacogdoches, Texas 75961
>>>(936) 715-9333
>>>www.rankin-bertin.com
>>>----- Original Message ----- From: "Igor Belyi"
>>><sambauser at katehok.ac93.org>
>>>To: <samba at lists.samba.org>
>>>Sent: Friday, October 15, 2004 11:17 PM
>>>Subject: [Samba] Re: 'add/change/delete share command'(s) in smb.conf
>>>
>>>
>>>
>>>
>>>
>>>>webster at lexmark.com wrote:
>>>>
>>>>
>>>>
>>>>
>>>>>Hello.
>>>>>
>>>>>I need to allow one of my users to add & delete shares on my Samba
>>>>>
>>>>>
>>>>>
>>>server
>>>
>>>
>>>
>>>
>>>>>through the 'server manager' applet on his client .
>>>>>
>>>>>This same user also writes some files to the same Samba server.
>>>>>I don't want the files that he writes to be owned/written by 'root' .
>>>>>
>>>>>The way I understand the 'add share command' currently, this is not
>>>>>possible.
>>>>>
>>>>>Am I missing something?
>>>>>
>>>>>
>>>>>
>>>>I think you are right. User can not have more than 1 identity when
>>>>connecting to Samba. If it's an Administrator everything will be done
>>>>from the root account.
>>>>
>>>>Igor
>>>>
>>>>
>
>
>
>
More information about the samba
mailing list