[Samba] Re: domain administrator is always mapped to root
Gerald (Jerry) Carter
jerry at samba.org
Wed Jan 5 19:15:29 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Michael Lueck wrote:
| On Wed, 05 Jan 2005 12:37:59 -0600, Gerald (Jerry) Carter wrote:
|>Florian Effenberger wrote:
|>| Hi Michael,
|>|> 2) Anyone who is a Samba Domain Admin will cause things in the log to
|>|> equate the user to being the root user. Just how Samba thinks about
|>| okay. Any chance to get that "fixed" by the Samba development
|>| team? :-)
|> The admin users option was never meant to control permissions
|> for things like adding users on the Samba server, etc...
|> So what you have now is behavior by design. I'm working on
|> a new feature that will allow you to define rights for certain
|> groups such as 'add computers to domain', 'restart server',
|> etc.... I just keep getting sidetracked with other things.
| He was noticing that within the Samba logs you can see
| Samba realize that user xxx is a domain admin, thus shift
| to calling user xxx by the userid root. Thus files saved
| on the Samba share by a domain admin user show up as root
| owning them on the Linux filesystem. Any simple explanation
| why that behavior is withing the Samba code?
a domain admin != admin user. You'll have to show me
a log that proves smbd is giving root privileges to a user list
as a domain admin but not an admin user. And if you do, please
send the evidence to security at samba.org.
I've got working setups that never exhibit the behavior
described in the original mail. So I'm finding your claim
a little hard to believe.
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba