Re: [Samba] Re: smbusers and root privs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/12/2006 01:31 PM, [EMAIL PROTECTED] escreveu: Felipe Augusto van de Wiel [EMAIL PROTECTED] writes: Harry is a member of the Administrators group and user accounts on the windows xp pro machine. I see nothing called `Domain Administrators' in the windows dialog for users and groups. Domain Adminitrators is a group on networks that has a domain properly configured. Harry has no account on the linux machine. Hence the need to map to a unix user account. admin users and root (usermap) parameters has a special combination according to your security parameter, it is documented in the smb.conf the different situations. The only mentions so `root' in my smb.conf.example are in regards to setting up some kind of ldap situtaion or in regards to printing. Neither is what I'm attempting to do. Then, you should start using 'man smb.conf' instead of reading a .example made by someone else. What do you mean by `your security parameter' above? I mean exactly what you read, you have a parameter called 'security' and you should set it in someway. Check smb.conf manpage for more details or the official Samba documentation. It is not at all clear what I would need to do with `net groupmap'. 'net groupmap' is the recommended way to have Domain Administrators working on a Domain Network, but looks like it is not your case. Can you be a bit more specific? It is not clear why do you want a root/Admin user in a network that looks like to have share as security parameter. Anyway, we probably need your smb.conf and a relevant part of the log with loglevel/debuglevel increased. What do you mean by `have share as security parameter' here? security = share As posted in OP, security is not much of a factor here since I am the only user of either windows or unix machines on the network. It is a home network where I am the sole user and environmental security factors are nearly non-existent. So, you should use the above parameter and stop with the overengineering of having maps of usermaps to have root privileges. I want my windows user to have root access to anything on the linux machine. The whole machine is shared thru samba, starting at `/'. Sorry, anything is not possible. There are a few itens that you are not going to be able to access even if you are root. 'security = share' with a global write privilege will make what you want. The whole of the windows machines are shared on the hard drive level. My linux user has complete access to the windows machines. I want my windows user to have complete access to linux machines. = Partial smb.conf: [...] I hope this helps. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCAV4Cj65ZxU4gPQRAp83AKCo3ivm7ZFU1Mq/esuHUbzX8s9llwCeOWtF DT/MODd7tl6zYklOrre1OSw= =gjME -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: smbusers and root privs
Felipe Augusto van de Wiel [EMAIL PROTECTED] writes: admin users and root (usermap) parameters has a special combination according to your security parameter, it is documented in the smb.conf the different situations. The only mentions so `root' in my smb.conf.example are in regards to setting up some kind of ldap situtaion or in regards to printing. Neither is what I'm attempting to do. Then, you should start using 'man smb.conf' instead of reading a .example made by someone else. Sorry but you did tell me to look in smb.conf for an example. And using man smb.conf is not really all that usefull unless you are a developer or someone who already thoroughly understands samba and only needs to be `reminded' of something. What do you mean by `your security parameter' above? I mean exactly what you read, you have a parameter called 'security' and you should set it in someway. Check smb.conf manpage for more details or the official Samba documentation. OK, finally it soaks thru my thick skull. My own usage of the english language is pretty terrrible while yours is very precise. I had a little trouble following your more correct usage. What do you mean by `have share as security parameter' here? security = share [...] I want my windows user to have root access to anything on the linux machine. The whole machine is shared thru samba, starting at `/'. Sorry, anything is not possible. There are a few itens that you are not going to be able to access even if you are root. 'security = share' with a global write privilege will make what you want. Ok, got it finally... thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: smbusers and root privs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/11/2006 12:31 PM, [EMAIL PROTECTED] escreveu: Felipe Augusto van de Wiel [EMAIL PROTECTED] writes: On 09/08/2006 08:26 PM, [EMAIL PROTECTED] escreveu: Running samba-3.0.23c on Genoo linux Is it possible with smbusers to allow a windows user to have root privleges on a linux share? A stock install of samba on Gentoo ends up with an /etc/samba/smbusers file that contains this mapping: root = administrator admin It appears then that other windows users could as well be mapped to root like: root = administrator admin harry and since I am the only user on either linux or windows on this home network I'd like to map windows user harry to root but the above example does not accomplish that. Is there something else required? Did you tried to add harry to the Domain Administrators Group? (And you need netgroupmap configured to use that). Harry is a member of the Administrators group and user accounts on the windows xp pro machine. I see nothing called `Domain Administrators' in the windows dialog for users and groups. Domain Adminitrators is a group on networks that has a domain properly configured. Harry has no account on the linux machine. Hence the need to map to a unix user account. admin users and root (usermap) parameters has a special combination according to your security parameter, it is documented in the smb.conf the different situations. It is not at all clear what I would need to do with `net groupmap'. 'net groupmap' is the recommended way to have Domain Administrators working on a Domain Network, but looks like it is not your case. Can you be a bit more specific? It is not clear why do you want a root/Admin user in a network that looks like to have share as security parameter. Anyway, we probably need your smb.conf and a relevant part of the log with loglevel/debuglevel increased. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFBrzKCj65ZxU4gPQRAioBAJwJgLwv/cWaZlc0yjwqfJlHIHxoKQCdGebT MFJ3VhOqOOriEFs+bU8X3/E= =+02h -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: smbusers and root privs
Felipe Augusto van de Wiel [EMAIL PROTECTED] writes: Harry is a member of the Administrators group and user accounts on the windows xp pro machine. I see nothing called `Domain Administrators' in the windows dialog for users and groups. Domain Adminitrators is a group on networks that has a domain properly configured. Harry has no account on the linux machine. Hence the need to map to a unix user account. admin users and root (usermap) parameters has a special combination according to your security parameter, it is documented in the smb.conf the different situations. The only mentions so `root' in my smb.conf.example are in regards to setting up some kind of ldap situtaion or in regards to printing. Neither is what I'm attempting to do. What do you mean by `your security parameter' above? It is not at all clear what I would need to do with `net groupmap'. 'net groupmap' is the recommended way to have Domain Administrators working on a Domain Network, but looks like it is not your case. Can you be a bit more specific? It is not clear why do you want a root/Admin user in a network that looks like to have share as security parameter. Anyway, we probably need your smb.conf and a relevant part of the log with loglevel/debuglevel increased. What do you mean by `have share as security parameter' here? As posted in OP, security is not much of a factor here since I am the only user of either windows or unix machines on the network. It is a home network where I am the sole user and environmental security factors are nearly non-existent. I want my windows user to have root access to anything on the linux machine. The whole machine is shared thru samba, starting at `/'. The whole of the windows machines are shared on the hard drive level. My linux user has complete access to the windows machines. I want my windows user to have complete access to linux machines. = Partial smb.conf: [global] workgroup = HOME server string = printcap name = cups load printers = yes printing = cups printer admin = @adm log file = /var/log/samba/log.%m max log size = 50 log level = 7 map to guest = bad user security = user encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no [homes] comment = Home Directories browseable = no writable = yes [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = yes writable = no printable = yes create mode = 0700 print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers. [print$] path = /var/lib/samba/printers browseable = yes read only = yes write list = @adm root guest ok = yes [smWinBk] comment = valid users = reader Harry path = /anex2/win_bk/ writeable = yes guest ok = yes [smUsrLocal] comment = valid users = reader Harry path = /usr/local writeable = yes guest ok = yes [smRootHome] comment = valid users = reader Harry path = /root writeable = yes guest ok = yes [smRoot] comment = valid users = reader Harry path = / writeable = yes guest ok = yes [smReader] comment = valid users = reader Harry path = /home/reader writeable = yes guest ok = yes [smPub] comment = valid users = reader harry path = /pub writeable = yes guest ok = yes == smbusers: root = administrator admin harry Harry reader nobody = guest pcguest smbguest reader = harry Harry = log extract: I hope this is the relevant part. I cranked log level up to 7 and its hard to tell what might be usefull. I've posted a small snippet below but have put the entire ouput of one failure at: http://www.jtan.com/~reader/smb.log To try to give you a head start, what I did was try to access /root on the linux box from a windows machine, logged in there as user harry. I started by rm -f /var/log/samba/log.chub. Then made my attempt from chub (a windows machine). The log produced by that one attempt is what is posted on line at above address. A partial extract is posted here: == [...] [2006/09/12 11:11:39, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 3652) conn 0x803f2198 [2006/09/12 11:11:39, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/09/12 11:11:39, 3] smbd/trans2.c:call_trans2findfirst(1662) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=0, close_if_end = 2 requires_resume_key = 4 level = 0x104, max_data_bytes = 16384 [2006/09/12 11:11:39, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path:
[Samba] Re: smbusers and root privs
Felipe Augusto van de Wiel [EMAIL PROTECTED] writes: On 09/08/2006 08:26 PM, [EMAIL PROTECTED] escreveu: Running samba-3.0.23c on Genoo linux Is it possible with smbusers to allow a windows user to have root privleges on a linux share? A stock install of samba on Gentoo ends up with an /etc/samba/smbusers file that contains this mapping: root = administrator admin It appears then that other windows users could as well be mapped to root like: root = administrator admin harry and since I am the only user on either linux or windows on this home network I'd like to map windows user harry to root but the above example does not accomplish that. Is there something else required? Did you tried to add harry to the Domain Administrators Group? (And you need netgroupmap configured to use that). Kind regards, Is this required when not using domains in the network setup? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: smbusers and root privs
Felipe Augusto van de Wiel [EMAIL PROTECTED] writes: On 09/08/2006 08:26 PM, [EMAIL PROTECTED] escreveu: Running samba-3.0.23c on Genoo linux Is it possible with smbusers to allow a windows user to have root privleges on a linux share? A stock install of samba on Gentoo ends up with an /etc/samba/smbusers file that contains this mapping: root = administrator admin It appears then that other windows users could as well be mapped to root like: root = administrator admin harry and since I am the only user on either linux or windows on this home network I'd like to map windows user harry to root but the above example does not accomplish that. Is there something else required? Did you tried to add harry to the Domain Administrators Group? (And you need netgroupmap configured to use that). Harry is a member of the Administrators group and user accounts on the windows xp pro machine. I see nothing called `Domain Administrators' in the windows dialog for users and groups. Harry has no account on the linux machine. Hence the need to map to a unix user account. It is not at all clear what I would need to do with `net groupmap'. Can you be a bit more specific? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba