[Samba] Samba Permission Combination Conflict And Priority

[刘浪]

Hi，



I am a samba new user.  When a share for user has one permission, it is OK. When a share for user has permission combination,  there is something different in my thought.


In Linux user system,  a user can belong to multiple groups. For example:
The user (uf)  belongs to multiple groups (g_full and g_read)

[root at node-107-174 /]# id 1017

uid=1017(uf) gid=1017(g_full) groups=1017(g_full),1018(g_read)
my samba config file content:
[global]
workgroup = SAMBA
security = user
passdb backend = tdbsam


[dsf]
path = /dsf
read list = @g_read
valid users = @g_full @g_read
admin users = @g_full



according to https://www.samba.org/samba/docs/using_samba/ch09.html
1. the user uf in groups g_read and g_full，means it has read only and root permission, I think the user uf will has root permission,
but actually, the user uf only has read only permission, can not write.
In a word, when the user in read list and admin users, the user only has read only permission. [I think the user will has root permission, but something different]


In my thought，permission conflict priority:
invalid users > admin users > write list > read lists



But this situation is not ok.


2. Another situation, When the user in read list, write list, and admin users, the user has root permission. [This situation is ok]





 
Auxiliary information：
[root at node-107-174 /]# uname -a
Linux node-107-174 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

[root at node-107-174 /]# rpm -qa | grep samba

samba-client-libs-4.5.1-1.el7.centos.x86_64

samba-common-tools-4.5.1-1.el7.centos.x86_64
samba-common-4.5.1-1.el7.centos.noarch
samba-libs-4.5.1-1.el7.centos.x86_64
samba-4.5.1-1.el7.centos.x86_64
samba-common-libs-4.5.1-1.el7.centos.x86_64




Look forward to your reply，Thank you very much.



                                                                                                                Lang Liu