[Samba] Re: 'add/change/delete share command'(s) in smb.conf

Mon Oct 25 16:34:08 GMT 2004

What David meant is that you can achieve this by making user to run 
scripts adding/removing share from a command line instead of using 
srvmgr.exe or 'net share add/delete'. When those scripts will run on a 
share which forces access to be root they will update smb.conf as a 
root. Other shares will be accessed from a normal user identity.

Igor

webster at lexmark.com wrote:

>Igor & David,
>
>Thanks for the replies.
>However, what I think I'm reading is that there is no current solution for 
>my problem, right?
>
>As Igor states, how would the Windows GUI 'add/change/delete'(or even 
>command-line 'rmtshare') commands (know to) use this [config] share?
>
>I trust the 'user' , that's not a problem.
>The problem is that I don't want them to always be 'root' on the Samba 
>server, especially as they create most of the files.
>There are other processes which rely on these files being owned by this 
>particular user, not 'root' .
>
>
>Gary R. Webster
>
>
>
>
>Igor Belyi <sambauser at katehok.ac93.org>
>Sent by: samba-bounces+webster=lexmark.com at lists.samba.org
>10/16/04 01:38 AM
>
> 
>        To:     David Rankin <drankin at cox-internet.com>
>        cc:     samba at lists.samba.org
>        Subject:        Re: [Samba] Re: 'add/change/delete  share command'(s)  in smb.conf
>
>On a second thought... It doesn't matter if path is '/' or '/etc/samba'
>- if user has access to edit smb.conf directly he/she can create similar
>share with 'path = /' and 'force user = root' any time and have access
>to the whole computer. So, I agree - you'd better trust 'theusername' as
>if it were 'root'.
>
>Igor
>
>Igor Belyi wrote:
>
>  
>
>>Hm... Interesting idea... Since access is necessary only to smb.conf
>>than probably changing share's path to
>>'path = /etc/samba' could be a better alternative...
>>
>>But then again.. how 'add/change/delete share commands' will know that
>>this particular user has access to this [config] share even if path is
>>left as '/'? So, it probably won't work via those commands - user will
>>need to edit smb.conf by hand while accessing it via the [config] share.
>>
>>Igor
>>
>>David Rankin wrote:
>>
>>    
>>
>>>This will work:
>>>
>>>[config]
>>>       comment = Admin Share
>>>       path = /
>>>       valid users = theusername
>>>       force user = root
>>>       force group = theusergroup
>>>       admin users = theusername
>>>       writeable = Yes
>>>
>>>**** W A R N I N G **** whoever 'theusername' is will have complete
>>>access
>>>to all files listed in or below the path directory (your entire box
>>>as shown
>>>above). If you can limit the path to say /home or wherever the files of
>>>concern are, you would be much better off.
>>>
>>>--
>>>David C. Rankin, J.D., P.E.
>>>Rankin * Bertin, PLLC
>>>510 Ochiltree Street
>>>Nacogdoches, Texas 75961
>>>(936) 715-9333
>>>www.rankin-bertin.com
>>>----- Original Message ----- From: "Igor Belyi"
>>><sambauser at katehok.ac93.org>
>>>To: <samba at lists.samba.org>
>>>Sent: Friday, October 15, 2004 11:17 PM
>>>Subject: [Samba] Re: 'add/change/delete share command'(s) in smb.conf
>>>
>>>
>>>
>>>      
>>>
>>>>webster at lexmark.com wrote:
>>>>
>>>>
>>>>        
>>>>
>>>>>Hello.
>>>>>
>>>>>I need to allow one of my users to add & delete shares on my Samba
>>>>>
>>>>>          
>>>>>
>>>server
>>>
>>>
>>>      
>>>
>>>>>through the 'server manager' applet on his client .
>>>>>
>>>>>This same user also writes some files to the same Samba server.
>>>>>I don't want the files that he writes to be owned/written by 'root' .
>>>>>
>>>>>The way I understand the 'add share command' currently, this is not
>>>>>possible.
>>>>>
>>>>>Am I missing something?
>>>>>
>>>>>          
>>>>>
>>>>I think you are right. User can not have more than 1 identity when
>>>>connecting to Samba. If it's an Administrator everything will be done
>>>>from the root account.
>>>>
>>>>Igor
>>>>        
>>>>
>
>
>  
>