[Samba] Cannot write over root owned file

Larry Alkoff labradley at mindspring.com
Wed May 3 21:59:16 GMT 2006 

david rankin wrote:
> From: "Larry Alkoff" <labradley at mindspring.com>
>> david rankin wrote:
>>> From: "Larry Alkoff" <labradley at mindspring.com>
>>>>
>>>> Which leads to the question,  how do I act as root on a samba share?
>>>> Or perhaps the question is how do I become root on the share?
>>>> Is sharing as root okay or is it bad practice?  Why?
>>>>
>>>
>>> Larry, in your smb.conf, try this:
>>>
>>>        valid users = you
>>>        force user = root
>>>        force group = root
>>>        admin users = you
>>>
>>> I believe if you just set admin users = whoever, that will force the 
>>> user and group to root by default. It has been a while since I played 
>>> with this, but I still use it and it works...
>>
>> I'm a little hesitant to access a share with full root access all the 
>> time.  Do you consider this safe?
>>
> 
> Yes, it's safe as long and you don't go wild hitting the [del] key in a 
> willie-nillie fashion. What I usually do that masks this from all users 
> except me is to create the user shares say:

I usually log on to a share called 'all' that starts at / so I can have 
my way with the target computer.  Up to now it's not been root access 
but I learned yesterday that I can smbmount as root and, by golly, the 
other machine obeys me.  So I'll use that at need.

> /home/samba/office
> /home/samba/forms
> /home/samba/jointcase
> 
> Then for my use I include an additional share for my use only which give 
> me root access to all share data; and that also hides the share from all 
> users. YMMV, but it works for me.


How is the samba share hidden from the other users?  Are you using 
security = user or share?  Today I started experimenting with security = 
share and it looks a little easier to manage because the machine icon 
will open and list all the shares without a password.

If you have security = share it looks to me like everyone would see the 
samba icon but could not access it since they didn't have the password 
(and maybe 'valid user = david' would prevent access also).

Or did you mean 'access the samba share' by "see"?


> [samba]
>        comment = Base Samba Share
>        path = /home/samba
>        valid users = david
>        force user = david
>        force group = ochiltree
>        admin users = david
>        browseable = no
>        writeable = Yes
>        inherit permissions = yes
> 
> 
>> What I've worked out is to mount tillie in my smbmt script with the line:
>> smbmount //tillie/all  /mnt/tillie
>> which picks up the $USER.
>> So if I run the script as $USER=root I'm root, otherwise a user even 
>> though my $UID=0 when I su to run the script and smbmount.
>>
>> I wish there was some way to "su" into a share but haven't seen it yet.
>>
> 
> Well for me, its fire up PuTTy; www.chiark.greenend.org.uk/~sgtatham/putty/
> ssh server, log in as me,
> su
> and you are in.

I haven't done much PuTTy yet.  At this point I'm trying to access all 
shares from the Linux boxes.  I'm on a compaign to eliminate all Windows 
computers from my house except one or two, including changing out my 
wife's to a Mac.  Most of my computing time is spent at one Linux box 
and I only access the Windows boxen by cli to transfer a few files and 
to backup.

>>> Aside: Next time you are at the Salt Lick in Driftwood, don't forget 
>>> to order the blueberry cobbler and vanilla ice cream desert. Yes, 
>>> after the family style all you can eat, it will hurt, but it is worth 
>>> it...
>>
>> Ahh, Salt Lick.  I live close by, off Camp Ben Macoulough Rd about two 
>> miles from Hwy 290 West so I've been there more times than is good for 
>> me <g>
>>
>> Come to town some town and I'll treat you.  I'm in the book.
>>
> 
> You are on! Both grand parents lived in Austin. 1807 Pearl, and the 
> other in Jonestown on lake Travis. Ahh the days, the hike-n-bike, the 
> lake, chasing squirrels with bb guns in Pease Park, Barton Springs 
> (before it was topless), Town Lake.....

Austin is a really lovely town that I found after a few years of 'city 
shopping' with my wife.  I'll look forward to meeting you.  It's 
probably best to give me some advance notice if you can but feel free to 
call any time.

Larry

> -- 
> David C. Rankin, J.D., P.E.
> RANKIN LAW FIRM, PLLC
> 510 Ochiltree Street
> Nacogdoches, Texas 75961
> (936) 715-9333
> (936) 715-9339 fax
> www.rankinlawfirm.com


-- 
Larry Alkoff N2LA - Austin TX
Using Thunderbird on Slackware Linux

More information about the samba mailing list