On Wed, 2002-11-13 at 14:48, Mihail S. Dorofeev wrote: > Hi All! > I have Samba 2.2.6 installed on Solaris 8 SPARC. Samba is authenticating > users against LDAP (Netscape Directory Server 4.12) > > One of my directories has rights as following (using synonyms): > > d rwx r-x --- owner : growner VOL5 > > I have another user USER1 whose primary group membership is GROUP1, > supplementary groupmembership GROWNER. > > My Samba config follows: > > [VOL5] > path = /export/home/VOL5 > valid users = +GROWNER > admin users = USER1 > read only = No > > The user USER1 ___CAN___ write to VOL5 share! although it actually DOES NOT > have UNIX rights to do this!!!! > All other users who are members of GROWNER ___CAN NOT____ write to VOL5. > > Regarding this there are two questions: > > 1. Once Samba has authenticated a user successfully DOES it then check Unix > user permissions ? (I assume - YES) > 1a. Then WHY does it allow the user USER1 to write to VOL5 ? Does ___ADMIN > USER___ privilege override normal Unix permissions ???
Yes. As per the documentation, 'admin users' makes a user root. I think this is even in the FAQ now. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
