Re: [Samba] Re: domain administrator is always mapped to root
Florian Effenberger wrote:
| Hi Michael,
|
| 2) Anyone who is a Samba Domain Admin will cause things in the log to
| equate the user to being the root user. Just how Samba thinks about
| things.
|
| okay. Any chance to get that fixed by the Samba development
| team? :-)

The admin users option was never meant to control permissions for things like adding users on the Samba server, etc... So what you have now is behavior by design. I'm working on a new feature that will allow you to define rights for certain groups such as 'add computers to domain', 'restart server', etc I just keep getting sidetracked with other things.

cheers, jerry

Alleviating the pain of Windows(tm) --- http://www.samba.org
GnuPG Key - http://www.plainjoe.org/gpg_public.asc
If we're adding to the noise, turn off this song--Switchfoot (2003)

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: domain administrator is always mapped to root
On Wed, 05 Jan 2005 12:37:59 -0600, Gerald (Jerry) Carter wrote:

Florian Effenberger wrote:
| Hi Michael,
|
| 2) Anyone who is a Samba Domain Admin will cause things in the log to
| equate the user to being the root user. Just how Samba thinks about
| things.
|
| okay. Any chance to get that fixed by the Samba development
| team? :-)

The admin users option was never meant to control permissions for things like adding users on the Samba server, etc... So what you have now is behavior by design. I'm working on a new feature that will allow you to define rights for certain groups such as 'add computers to domain', 'restart server', etc I just keep getting sidetracked with other things.

He was noticing that within the Samba logs you can see Samba realize that user xxx is a domain admin, thus shift to calling user xxx by the userid root. Thus files saved on the Samba share by a domain admin user show up as root owning them on the Linux filesystem. Any simple explanation why that behavior is within the Samba code?

Thanks!

Michael Lueck
Lueck Data Systems
http://www.lueckdatasystems.com/
Re: [Samba] Re: domain administrator is always mapped to root
Michael Lueck wrote:
| On Wed, 05 Jan 2005 12:37:59 -0600, Gerald (Jerry) Carter wrote:
|
| Florian Effenberger wrote:
|| Hi Michael,
||
|| 2) Anyone who is a Samba Domain Admin will cause things in the log to
|| equate the user to being the root user. Just how Samba thinks about
|| things.
||
|| okay. Any chance to get that fixed by the Samba development
|| team? :-)
|
| The admin users option was never meant to control permissions
| for things like adding users on the Samba server, etc...
| So what you have now is behavior by design. I'm working on
| a new feature that will allow you to define rights for certain
| groups such as 'add computers to domain', 'restart server',
| etc I just keep getting sidetracked with other things.
|
| He was noticing that within the Samba logs you can see
| Samba realize that user xxx is a domain admin, thus shift
| to calling user xxx by the userid root. Thus files saved
| on the Samba share by a domain admin user show up as root
| owning them on the Linux filesystem. Any simple explanation
| why that behavior is within the Samba code?

a domain admin != admin user. You'll have to show me a log that proves smbd is giving root privileges to a user listed as a domain admin but not an admin user. And if you do, please send the evidence to [EMAIL PROTECTED]

I've got working setups that never exhibit the behavior described in the original mail. So I'm finding your claim a little hard to believe.

cheers, jerry
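A configuration check for the distinction drawn in the message above, added here as an example and not part of the thread or of Samba's code: users named in the smb.conf `admin users` parameter have their file operations performed as root, so the script lists the shares where that applies to a given user. The sample configuration, the `ntadmins` group and the function names are constructed for illustration; backslash line continuations and `include` files are not handled.

```python
import configparser

# Constructed sample smb.conf (not taken from the thread); "ntadmins" is made up.
SAMPLE_SMB_CONF = """
[global]
   workgroup = EXAMPLE

[netlogon]
   path = /srv/samba/netlogon
   Admin Users = tango, @ntadmins
[projects]
   path = /srv/samba/projects
   valid users = @staff
"""

def _norm(name):
    # smb.conf parameter names ignore case and embedded whitespace.
    return "".join(name.split()).lower()

def admin_users_by_share(conf_text):
    """Map each share to its effective 'admin users' list ([global] sets the default)."""
    parser = configparser.RawConfigParser(strict=False, delimiters=("=",))
    parser.optionxform = _norm
    # Strip indentation so configparser does not treat it as a value continuation.
    parser.read_string("\n".join(line.strip() for line in conf_text.splitlines()))
    default = ""
    for section in parser.sections():
        if section.lower() == "global":
            default = parser.get(section, "adminusers", fallback="")
    result = {}
    for section in parser.sections():
        if section.lower() != "global":
            raw = parser.get(section, "adminusers", fallback=default)
            entries = raw.replace(",", " ").split()
            if entries:
                result[section] = entries
    return result

def shares_run_as_root(conf_text, user, unix_groups=()):
    """Shares where smbd performs `user`'s file operations as root via 'admin users'."""
    groups = {g.lower() for g in unix_groups}
    hits = []
    for share, entries in admin_users_by_share(conf_text).items():
        # Entries prefixed with @, + or & name groups; bare entries name users.
        names = {e.lower() for e in entries if e[0] not in "@+&"}
        grps = {e.lstrip("@+&").lower() for e in entries if e[0] in "@+&"}
        if user.lower() in names or grps & groups:
            hits.append(share)
    return hits

print(shares_run_as_root(SAMPLE_SMB_CONF, "tango"))
```

Files written through any share this reports will be owned by root on the Unix filesystem, regardless of whether the account is also a domain admin.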
Re: [Samba] Re: domain administrator is always mapped to root
domain admin and admin user are two different things. Look closely at the documentation.

Ryan Novosielski - User Support Spec. III
[EMAIL PROTECTED] - 973/972.0922 (2-0922)
Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630

On Fri, 24 Dec 2004, Jim C. wrote:

| root is root (Unix admin, Domain admin). tango is tango (NOT an Unix
| admin, but Domain admin). Is there a technical necessity of mapping
| tango to root?

I surmise that in order to properly emulate Windows behavior Samba must do some of these things that we *nix guys find pesky. I imagine that the only way around this behaviour would probably include coming up with a special PAM module and that may be outside the scope of the Samba project. Otherwise you are going to need to be able to do root things like change passwords, delete users and stuff.

Jim C.
Re: [Samba] Re: domain administrator is always mapped to root
Hi Jim,

okay, I guess I got the point. :-)

Florian
Re: [Samba] Re: domain administrator is always mapped to root
Hi Michael,

2) Anyone who is a Samba Domain Admin will cause things in the log to equate the user to being the root user. Just how Samba thinks about things.

okay. Any chance to get that fixed by the Samba development team? :-)

Florian
Re: [Samba] Re: domain administrator is always mapped to root
Florian Effenberger wrote:

Hi Michael,

2) Anyone who is a Samba Domain Admin will cause things in the log to equate the user to being the root user. Just how Samba thinks about things.

okay. Any chance to get that fixed by the Samba development team? :-)

Get what fixed? The OS is Unix. The administrator IS root. What is there to fix?

Florian
Re: [Samba] Re: domain administrator is always mapped to root
Hi,

Get what fixed? The OS is Unix. The administrator IS root. What is there to fix?

root is root (Unix admin, Domain admin). tango is tango (NOT an Unix admin, but Domain admin). Is there a technical necessity of mapping tango to root?

Florian
[Samba] Re: domain administrator is always mapped to root
| root is root (Unix admin, Domain admin). tango is tango (NOT an Unix
| admin, but Domain admin). Is there a technical necessity of mapping
| tango to root?

I surmise that in order to properly emulate Windows behavior Samba must do some of these things that we *nix guys find pesky. I imagine that the only way around this behaviour would probably include coming up with a special PAM module and that may be outside the scope of the Samba project. Otherwise you are going to need to be able to do root things like change passwords, delete users and stuff.

Jim C.

I can be reached on the following Instant Messenger services:
MSN: j_c_llings @ hotmail.com   AIM: WyteLi0n   ICQ: 123291844
Y!: j_c_llings   Jabber: jcllings @ njs.netlab.cz
[Samba] Re: domain administrator is always mapped to root
Florian Effenberger wrote:

I have found out that a domain administrator is always mapped to root in the UNIX filesystem:

Yup, found that as well. It seems to be hard coded behavior in the Samba code. Even though it would make sense to never log in as root, you can not tell Samba root is an invalid user or you will not like the results. Been there, Done that... documented in the PDF as well.

--
Michael Lueck
Lueck Data Systems
Remove the upper case letters NOSPAM to contact me directly.
Re: [Samba] Re: domain administrator is always mapped to root
Hi Michael,

Yup, found that as well. It seems to be hard coded behavior in the Samba code. Even though it would make sense to never log in as root, you can not tell Samba root is an invalid user or you will not like the results. Been there, Done that... documented in the PDF as well.

@Samba team: is this by intent or is this a bug? I find it is a problem when you switch from Domain Admin to Domain User, as the unix permissions are wrong then... :)

Florian
[Samba] Re: domain administrator is always mapped to root
Florian Effenberger wrote:

Is there any other way of having tango as domain admin than listing it as admin user?

You mean to be a domain admin but not a Linux admin?

1) First, per my PDF and other docs that does not have to be a requirement. My configuration allows for Linux, Samba Domain, and Workstation permissions all to be administered individually from each other.

2) Anyone who is a Samba Domain Admin will cause things in the log to equate the user to being the root user. Just how Samba thinks about things.

--
Michael Lueck
Lueck Data Systems
Remove the upper case letters NOSPAM to contact me directly.