[Samba] access "claim types"
Stefan G. Weichinger
lists at xunil.at
Mon Feb 13 15:47:33 UTC 2023
Am 13.02.23 um 14:22 schrieb Rowland Penny via samba:
>
>
> On 13/02/2023 13:04, Stefan G. Weichinger via samba wrote:
>
>> I am a bit confused right now (maybe always): you told me
>> "Administrator shouldn't own anything on Unix"
>
> From the Unix end, you should never find Administrator owning anything.
> This is because, as my example showed. as a Unix use, Administrator is
> just a normal, unprivileged user e.g. my example Unix Administrator had
> the ID 10500.
>
>>
>> So I assumed the chown should be "chown -R root:10512 mytestshare" ?
>
> Exactly, the Unix admin user is 'root'.
>
>>
>> All the samba shares on this server are located in "/mnt/MSA2040/smb",
>> this dir belongs to "0 0" now according to "ls -n".
>>
>> I see some mapping in the conf:
>>
>> # grep mapp smb.conf
>> username map = /etc/samba/samba_usermapping
>>
>> # cat samba_usermapping
>> !root = DOMAIN\Administrator DOMAIN\administrator
>>
>> I can't remember if I added this and why ... or if it is something old
>> from their former linux admin.
>
>
> I have no idea if you created it or not, I wasn't there at the time ;-)
>
> What the user.map does, it takes the user on the righthand side,
> 'Administrator' and maps it the user on the lefthand side, 'root'
>
> What this means in practise is that whenever Administrator connects to
> Samba, it becomes root, with the privileges that root has.
>
> So never use Administrator on Unix, use root, but from Windows you can
> safely use Administrator.
So my test-dir is chowned correctly as far as I understand, BUT I get
that warning. Do you agree?
More information about the samba
mailing list