"write list" overrides "read only" but "admin users" does not
Jeremy Allison
jra at samba.org
Mon Nov 17 22:41:18 GMT 2008
On Sat, Nov 15, 2008 at 04:43:07PM -0800, Steven Danneman wrote:
> I've noticed that in "security = user" (and probably ads) mode, that
> users added to the "write list" parameter override the "read only"
> parameter, and are allowed to write to that share. This is documented
> in the smb.conf man page.
>
> However, users added to the "admin users" parameter do not override the
> "read only" parameter and cannot write to that share. This seems
> semantically quite odd. Admin users, who will be set to UID root,
> should be allowed the same or more access as writers.
>
> Yes, the admin could just add the user to both lists, but that's
> non-intuitive.
>
> Does anybody know if there's a specific reason for this behavior? Will
> allowing "admin users" to override "read only" break anybody's workflow?
To be honest I think the current behavior is more intuitive.
"read only" and "write list" are parameters specific to read/write
access to the share. "admin users" is more about bypassing permissions
checks, not about overriding read/write access. IMHO setting "read only"
should make a share like a CDROM - even an admin user won't be able
to write to it. If you specifically want an admin user to write to
the share, you need to add them to the write list.
Just my 2cents.
Jeremy.
More information about the samba-technical
mailing list