[Samba] Re: smbusers and root privs
Felipe Augusto van de Wiel
felipe at paranacidade.org.br
Wed Sep 13 13:19:52 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
On 09/12/2006 01:31 PM, reader at newsguy.com escreveu:
> Felipe Augusto van de Wiel <felipe at paranacidade.org.br> writes:
>>>Harry is a member of the Administrators group and user accounts on the
>>>windows xp pro machine. I see nothing called
>>>`Domain Administrators' in the windows dialog for users and groups.
>> Domain Adminitrators is a group on networks that has a
>>domain properly configured.
>>>Harry has no account on the linux machine. Hence the need to map to a
>>>unix user account.
>> "admin users" and "root" (usermap) parameters has a
>>special combination according to your security parameter,
>>it is documented in the smb.conf the different situations.
> The only mentions so `root' in my smb.conf.example are in regards to
> setting up some kind of ldap situtaion or in regards to printing.
> Neither is what I'm attempting to do.
Then, you should start using 'man smb.conf' instead of
reading a .example made by someone else.
> What do you mean by `your security parameter' above?
I mean exactly what you read, you have a parameter
called 'security' and you should set it in someway. Check
smb.conf manpage for more details or the official Samba
>>>It is not at all clear what I would need to do with `net groupmap'.
>> 'net groupmap' is the recommended way to have Domain
>>Administrators working on a Domain Network, but looks like it
>>is not your case.
>>>Can you be a bit more specific?
>> It is not clear why do you want a root/Admin user in
>>a network that looks like to have share as security parameter.
>>Anyway, we probably need your smb.conf and a relevant part of
>>the log with loglevel/debuglevel increased.
> What do you mean by `have share as security parameter' here?
security = share
> As posted in OP, security is not much of a factor here since I am the
> only user of either windows or unix machines on the network. It is a
> home network where I am the sole user and environmental security
> factors are nearly non-existent.
So, you should use the above parameter and stop with
the "overengineering" of having maps of usermaps to have root
> I want my windows user to have root access to anything on the linux
> machine. The whole machine is shared thru samba, starting at `/'.
Sorry, anything is not possible. There are a few itens
that you are not going to be able to access even if you are root.
'security = share' with a global write privilege will make what
> The whole of the windows machines are shared on the hard drive level.
> My linux user has complete access to the windows machines. I want my
> windows user to have complete access to linux machines.
> Partial smb.conf:
I hope this helps.
Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba