[Samba] Samba Permission Combination Conflict And Priority

刘浪 liu.lang at eisoo.com
Wed Apr 5 08:36:25 UTC 2017

Dear Engineers,

I am a new Samba user. When a share has one permission for a user, it is OK. When a share has a combination of permissions for a user, something is different from what I thought.

In the Linux user system, a user can belong to multiple groups. For example:
The user (uf) belongs to multiple groups (g_full and g_read):
[root at node-107-174 /]# id 1017
uid=1017(uf) gid=1017(g_full) groups=1017(g_full),1018(g_read)
My Samba config file content:
workgroup = SAMBA
security = user
passdb backend = tdbsam

path = /dsf
read list = @g_read
valid users = @g_full @g_read
admin users = @g_full

According to https://www.samba.org/samba/docs/using_samba/ch09.html:
1. The user uf is in groups g_read and g_full, which means it has read-only and root permission. I think the user uf will have root permission,
but actually, the user uf only has read-only permission and cannot write.
In a word, when the user is in read list and admin users, the user only has read-only permission. [I think the user will have root permission, but something is different]

In my thought, the permission conflict priority is:
invalid users > admin users > write list > read list

But this situation is not ok.

2. Another situation: when the user is in read list, write list, and admin users, the user has root permission. [This situation is OK]

Auxiliary information:
[root at node-107-174 /]# uname -a
Linux node-107-174 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
[root at node-107-174 /]# rpm -qa | grep samba

I look forward to your reply. Thank you very much.


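Added example, not part of the original post and not Samba source code: a simplified Python model of how these share parameters combine, following the smb.conf(5) descriptions of "read list", "write list" and "admin users" and consistent with the two situations reported above. The Share class, the evaluate function and the write list value in CASE_2 are assumptions made for illustration.

```python
# Simplified model (an assumption, not Samba code) of per-share access checks.
from dataclasses import dataclass, field

@dataclass
class Share:
    read_only: bool = True            # smb.conf default for "read only"
    valid_users: list = field(default_factory=list)
    invalid_users: list = field(default_factory=list)
    read_list: list = field(default_factory=list)
    write_list: list = field(default_factory=list)
    admin_users: list = field(default_factory=list)

def in_list(user, groups, entries):
    """Match a plain user name or an @group entry (other prefixes omitted)."""
    return any(e == user or (e.startswith("@") and e[1:] in groups)
               for e in entries)

def evaluate(share, user, groups):
    """Return (allowed, writable, runs_as_root) for one connection."""
    # 1. Access gate: invalid users always wins; a non-empty valid users
    #    list must contain the user.
    if in_list(user, groups, share.invalid_users):
        return (False, False, False)
    if share.valid_users and not in_list(user, groups, share.valid_users):
        return (False, False, False)
    # 2. Read-only flag: start from "read only", read list forces it on,
    #    write list is checked last and forces it off.
    read_only = share.read_only
    if in_list(user, groups, share.read_list):
        read_only = True
    if in_list(user, groups, share.write_list):
        read_only = False
    # 3. admin users only changes the identity used for file operations;
    #    it does not change the read-only flag computed above.
    as_root = in_list(user, groups, share.admin_users)
    return (True, not read_only, as_root)

# Constructed inputs mirroring the post: uf is in g_full and g_read.
UF_GROUPS = {"g_full", "g_read"}
CASE_1 = Share(valid_users=["@g_full", "@g_read"], read_list=["@g_read"],
               admin_users=["@g_full"])
# The post does not show the write list value for situation 2; @g_full is assumed.
CASE_2 = Share(valid_users=["@g_full", "@g_read"], read_list=["@g_read"],
               write_list=["@g_full"], admin_users=["@g_full"])

if __name__ == "__main__":
    print(evaluate(CASE_1, "uf", UF_GROUPS))
    print(evaluate(CASE_2, "uf", UF_GROUPS))
```

In this model the read-only decision and the root identity are computed independently, so membership in admin users alone does not make a share writable for a user who is also matched by read list.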