[Samba] access "claim types"
Rowland Penny
rpenny at samba.org
Mon Feb 13 13:22:00 UTC 2023
On 13/02/2023 13:04, Stefan G. Weichinger via samba wrote:
> I am a bit confused right now (maybe always): you told me "Administrator
> shouldn't own anything on Unix"
From the Unix end, you should never find Administrator owning anything.
This is because, as my example showed. as a Unix use, Administrator is
just a normal, unprivileged user e.g. my example Unix Administrator had
the ID 10500.
>
> So I assumed the chown should be "chown -R root:10512 mytestshare" ?
Exactly, the Unix admin user is 'root'.
>
> All the samba shares on this server are located in "/mnt/MSA2040/smb",
> this dir belongs to "0 0" now according to "ls -n".
>
> I see some mapping in the conf:
>
> # grep mapp smb.conf
> username map = /etc/samba/samba_usermapping
>
> # cat samba_usermapping
> !root = DOMAIN\Administrator DOMAIN\administrator
>
> I can't remember if I added this and why ... or if it is something old
> from their former linux admin.
I have no idea if you created it or not, I wasn't there at the time ;-)
What the user.map does, it takes the user on the righthand side,
'Administrator' and maps it the user on the lefthand side, 'root'
What this means in practise is that whenever Administrator connects to
Samba, it becomes root, with the privileges that root has.
So never use Administrator on Unix, use root, but from Windows you can
safely use Administrator.
Rowland
More information about the samba
mailing list