[Samba] Re: smbusers and root privs

Felipe Augusto van de Wiel felipe at paranacidade.org.br
Wed Sep 13 13:19:52 GMT 2006

Hash: SHA1

On 09/12/2006 01:31 PM, reader at newsguy.com escreveu:
> Felipe Augusto van de Wiel <felipe at paranacidade.org.br> writes:
>>>Harry is a member of the Administrators group and user accounts on the
>>>windows xp pro machine.  I see nothing called 
>>>`Domain Administrators' in the windows dialog for users and groups.
>>	Domain Adminitrators is a group on networks that has a
>>domain properly configured.
>>>Harry has no account on the linux machine.  Hence the need to map to a
>>>unix user account.  
>>	"admin users" and "root" (usermap) parameters has a
>>special combination according to your security parameter,
>>it is documented in the smb.conf the different situations.
> The only mentions so `root' in my smb.conf.example are in regards to
> setting up some kind of ldap situtaion or in regards to printing.
> Neither is what I'm attempting to do.

	Then, you should start using 'man smb.conf' instead of
reading a .example made by someone else.

> What do you mean by `your security parameter' above?

	I mean exactly what you read, you have a parameter
called 'security' and you should set it in someway. Check
smb.conf manpage for more details or the official Samba

>>>It is not at all clear what I would need to do  with `net groupmap'.
>>	'net groupmap' is the recommended way to have Domain
>>Administrators working on a Domain Network, but looks like it
>>is not your case.
>>>Can you be a bit more specific?
>>	It is not clear why do you want a root/Admin user in
>>a network that looks like to have share as security parameter.
>>Anyway, we probably need your smb.conf and a relevant part of
>>the log with loglevel/debuglevel increased.
> What do you mean by `have share as security parameter' here?

	security = share

> As posted in OP, security is not much of a factor here since I am the
> only user of either windows or unix machines on the network.  It is a
> home network where I am the sole user and environmental security
> factors are nearly non-existent.

	So, you should use the above parameter and stop with
the "overengineering" of having maps of usermaps to have root

> I want my windows user to have root access to anything on the linux
> machine.  The whole machine is shared thru samba, starting at `/'.

	Sorry, anything is not possible. There are a few itens
that you are not going to be able to access even if you are root.
'security = share' with a global write privilege will make what
you want.

> The whole of the windows machines are shared on the hard drive level.
> My linux user has complete access to the windows machines.  I want my
> windows user to have complete access to linux machines.
> =================
> Partial smb.conf:

	I hope this helps.

	Kind regards,

- --
Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org


More information about the samba mailing list