[Samba] permission puzzle

Wes Deviers wdevie at hrcsb.org
Wed Mar 26 20:58:20 GMT 2008


That's expected behavior if I'm reading your description correctly.  When you 
do the initial CIFS mount using -o username, you're associating that username 
with the connection via the Linux kernel, not via any type of samba VFS 
layer.  So no matter how the machine accesses it (samba, NFS, shell, FTP 
server) it's always going to be associated using username=marc.  

You then connect to the smb share as "jim", but as far as smbfs/cifsFS is 
concerned, you're constantly connected to the Windows machine as "marc".  
There's two authentications going on, and neither are related at all.  You're 
assuming there's some sort of authentication "pass through" when there isn't 
(by design).

If you turned on anonymous access via FTP, you'd also find that you could 
write to /cddrive via the FTP server as well. : )

Wes



On Wed 26 Mar  2008 4:39:17 pm Marc Fromm wrote:
> I created a share on windows with a windows user marc having access to
> the share.
>
> On the Linux machine I created two samba users marc and jim with
> associated Linux accounts marc and jim.
>
> On Linux I connect to the share on windows with the windows user marc
> mount -t cifs //140.160.42.58/shareonwindows /cddrive -o username=marc
>
> I made cddrive a samba share on the Linux box by entering it into the
> smb.conf file
>
> On a second windows computer I map a network drive to the cddrive samba
> share on Linux using the samba user marc. User marc can create and
> delete files.
>
> Here is the puzzle:
> On the second windows computer I can map a network drive to the cddrive
> samba share on Linux using the samba user jim and create and delete
> files.
> There is not a jim account on the windows computer where the windows
> share is located. If I adjust the share settings on the windows share
> for the windows user marc, both samba users marc and jim are affected
> equally. Example: on the windows share I only allow marc to read, then
> neither samba marc nor jim on the second windows computer can create a
> file.
>
> Marc
>
>
>
>
> Marc Fromm
> Information Technology Specialist II
> Financial Aid Department
> Western Washington University
> Phone: 360-650-3351
> Fax:   360-788-0251




More information about the samba mailing list