[Samba] Re: Admin users, file operations and file ownership

Pete Eide petter.eide at gmail.com
Sun Feb 13 17:28:15 GMT 2005


Here is the configuration:

[global]
	server string = Linux DC (%h)
	netbios name = xxx
	display charset = iso-8859-1
	name resolve order = wins lmhosts hosts bcast
	admin users = @winadm
	obey pam restrictions = yes
	lm announce = no
	time server = yes
	fake directory create times = yes
	dns proxy = No
	keep alive = 30
	dos charset = 850
	local master = yes
	domain master = yes
	preferred master = true
	domain logons = yes
	workgroup = xxx
	os level = 99
	update encrypted = yes
	security = user
	dos filetimes = yes
	min protocol = NT1
	client lanman auth = no
	logon path = \\samba\profile
	logon script = logon.bat
	encrypt passwords = true
	passdb backend = ldapsam:ldap://xx.xx.xx.xx
	wins support = true
	unix extensions = yes
	dos filetime resolution = yes
	unix charset = ISO8859-1
	panic action = /usr/share/samba/panic-action %d
	map to guest = Never
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	getwd cache = yes

	log file = /var/log/samba/log.%m
	max log size = 1000
	log level = 1
	syslog = 0
	debug uid = yes

	idmap gid = 500-65535
	idmap uid = 500-65535

         ldap admin dn = "cn=xx,dc=xx,dc=xx"
         ldap server = xx.xx.xx.xx

         ldap port = 389
	ldap suffix = dc=xx,dc=xx

	ldap delete dn = no
	ldap user suffix = ou=People
	ldap group suffix = ou=Group
	ldap machine suffix = ou=Computers

         passwd program = /usr/sbin/smbldap-passwd %u
         passwd chat = *new*password* %n\n *new*password* %n\n 
*successfully*
         unix password sync = yes
	ldap passwd sync = yes

         add machine script = /usr/sbin/smbldap-useradd -w -d /dev/null 
-g 903 -c 'Workstation' -s /bin/false %u

	load printers = yes
	printing = cups
	printcap name = cups

[homes]
	comment = Home Directories
	browseable = no
	read only = no
         valid users = %U
         writeable = yes
         create mode = 0640
         directory mode = 0750
         force create mode = 0640
         force directory mode = 0750
         path = /home/%U
	public = no

[netlogon]
	comment = Domain logon service
	path = /home/samba/netlogon
	public = no
	read only = yes
	writable = no
     	browsable = no
	write list = @winadm

[profile]
	path = /home/%U/.smb_profile
	nt acl support = no
	csc policy = disable
	profile acls = yes
	browseable = no
	create mode = 0600
	directory mode = 0700
	read only = no
	default case = lower
	preserve case = no
	short preserve case = no
	mangle case = yes
	case sensitive = no
	valid users = %U
	guest = ok
	force user = %U


[printers]
	comment = All Printers
	path = /var/spool/samba
	create mask = 0700
	printable = yes
	browseable = no
	public = yes
	guest ok = yes
	writable = no
	printable = yes
	printer admin = @winadm

[print$]
	comment = Printer Drivers
	path = /etc/samba/drivers
	browseable = yes
	guest ok = no
	read only = yes
	write list = @winadm

[share]
         comment =
         path = /opt/share
         valid users = @users, @winadm
         force group = users
         read only = No
         create mask = 0664
         directory mask = 0775
	browseable = yes

[adm]
	comment = adm
	path = /home/samba
	valid users = @winadm
	force group = winadm
	read only = No
	create mask = 0664
	directory mask = 0775
	inherit permissions = Yes
	public = no
	browseable = no

[cdrom]
    comment = Samba server's CD-ROM
    writable = no
    locking = no
    path = /cdrom
    public = yes

    preexec = /bin/mount /cdrom
    postexec = /bin/umount /cdrom


Petter L. H. Eide wrote:
> Hello,
> 
> When a user is defined in admin users, Samba will always do file
> operations for this user as root. In my case when these users creates
> a new file or directory root i defined as owner of the new files as
> well. When only accessing the files through windows, this isn't
> usually a problem, but once using linux again, this is a bit
> annoying..
> 
> Is it supposed to be this way? Is there any possible solutions to
> avoid the problem?
> 
> 
> My samba-config-file is attached.
> 
> 
> I would be very grateful if  anybody could help me with this.
> 
> Best regards,
> Pete
> 



More information about the samba mailing list