[Samba] Suggestion for clarification in the manual page for smb.conf re preexec & admin users

Andrew Bartlett abartlet at samba.org
Tue Feb 2 06:09:04 UTC 2021 

On Mon, 2021-02-01 at 13:33 +0000, Rowland penny via samba wrote:
> On 01/02/2021 13:09, Peter Eriksson wrote:
> > > On 1 Feb 2021, at 14:00, Rowland penny via samba <
> > > samba at lists.samba.org> wrote:
> > > 
> > > On 01/02/2021 12:42, Peter Eriksson via samba wrote:
> > > > I just noticed that ‘preexec’ scripts are run as the user
> > > > connecting. Unless that user is in the “admin users” list. Then
> > > > it will be run as user root…
> > > > 
> > > > Now, in retrospect this isn’t so surprising since ‘admin users’
> > > > will do all file operations as root but it still wasn’t obvious
> > > > to me from reading the manual page.
> > > > 
> > > > Perhaps adding a notice in the “admin users” section that it
> > > > not only affects file operations but also “preexec” (and
> > > > possibly “postexec” - haven’t tested that)?
> > > > (And also perhaps a notice under the “preexec” section)?
> > > > 
> > > > - Peter
> > > > 
> > > > 
> > > In a roundabout way it is documented in 'man smb.conf'. There is
> > > is also the 'root preexec' parameter and in 'man smb.conf' it
> > > says this:
> > > 
> > > This is the same as the preexec parameter except that the command
> > > is run as root.
> > > 
> > > Which implies that the 'preexec' is run as a normal user.
> > Yes - which is why I was a bit surprised when it ran the command as
> > root :-)
> > 
> > - Peter
> 
> Again I point you to 'man smb.conf' 😁
> 
>         admin users (S)
> 
>             This is a list of users who will be granted
> administrative
>             privileges on the share. This means that they will do all
> file
>             operations as the super-user (root).
> 
> Rowland

I don't think there is any dispute that this is behaving as designed or
documented, just that s/file operations/file operations and preexec
commands/ might be a useful change.

Andrew Bartlett
-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

More information about the samba mailing list