Quantcast

Samba Permission Combination Conflict And Priority

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Samba Permission Combination Conflict And Priority

Samba - General mailing list
Dear Engineers,

I am a samba new user.  When a share for user has one permission, it is OK. When a share for user has permission combination,  there is something different in my thought.

In Linux user system,  a user can belong to multiple groups. For example:
The user (uf)  belongs to multiple groups (g_full and g_read)
[root@node-107-174 /]# id 1017
uid=1017(uf) gid=1017(g_full) groups=1017(g_full),1018(g_read)
my samba config file content:
[global]
workgroup = SAMBA
security = user
passdb backend = tdbsam

[dsf]
path = /dsf
read list = @g_read
valid users = @g_full @g_read
admin users = @g_full

according to ​https://www.samba.org/samba/docs/using_samba/ch09.html
1. the user uf in groups g_read and g_full,means it has read only and root permission, I think the user uf will has root permission,
but actually, the user uf only has read only permission, can not write.
In a word​, when the user in read list and admin users, the user only has read only permission. [I think the user will has root permission, but something different]

In my thought,permission conflict priority:
invalid users​ > admin users > write list > read lists

But this situation is not ok.

2. Another situation, When the user in read list, write list, and admin users, the user has root permission. [This situation is ok]




Auxiliary information:
[root@node-107-174 /]# uname -a
Linux node-107-174 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
[root@node-107-174 /]# rpm -qa | grep samba
samba-client-libs-4.5.1-1.el7.centos.x86_64
samba-common-tools-4.5.1-1.el7.centos.x86_64
samba-common-4.5.1-1.el7.centos.noarch
samba-libs-4.5.1-1.el7.centos.x86_64
samba-4.5.1-1.el7.centos.x86_64
samba-common-libs-4.5.1-1.el7.centos.x86_64


Look forward to your reply,Thank you very much.​


________________________________
免责声明

本邮件及其附件可能包含私有的、保密的或特权的交流、工作成果或其它信息。除非得到上海爱数信息技术股份有限公司的书面授权,任何披露、复制、分发或使用本邮件和/或附件中的任何内容都是不被允许的。如果您误收了本邮件,请立即通过邮件([hidden email])或电话(021-54222601)联系我们,并删除本邮件及其附件(无论电子版或打印版),谢谢!

This message and its attachments may contain communications, work product or other information which are private, confidential or privileged. Any disclosure, coping, distribution and use of the contents of this message and/or its attachments is prohibited unless specifically authorized by the EISOO in writing, If you find that you are not one of the intended recipients of this message, please immediately contact us by e-mail ([hidden email]) or by telephone (021-54222601) and delete this message and all of its attachments whether in electronic or in hard copy format. Thank you.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Samba Permission Combination Conflict And Priority

Samba - General mailing list
Check your dictionary permission please

On Wed, Apr 5, 2017, 16:42 刘浪 via samba <[hidden email]> wrote:

> Dear Engineers,
>
> I am a samba new user.  When a share for user has one permission, it is
> OK. When a share for user has permission combination,  there is something
> different in my thought.
>
> In Linux user system,  a user can belong to multiple groups. For example:
> The user (uf)  belongs to multiple groups (g_full and g_read)
> [root@node-107-174 /]# id 1017
> uid=1017(uf) gid=1017(g_full) groups=1017(g_full),1018(g_read)
> my samba config file content:
> [global]
> workgroup = SAMBA
> security = user
> passdb backend = tdbsam
>
> [dsf]
> path = /dsf
> read list = @g_read
> valid users = @g_full @g_read
> admin users = @g_full
>
> according to ​https://www.samba.org/samba/docs/using_samba/ch09.html
> 1. the user uf in groups g_read and g_full,means it has read only and root
> permission, I think the user uf will has root permission,
> but actually, the user uf only has read only permission, can not write.
> In a word​, when the user in read list and admin users, the user only has
> read only permission. [I think the user will has root permission, but
> something different]
>
> In my thought,permission conflict priority:
> invalid users​ > admin users > write list > read lists
>
> But this situation is not ok.
>
> 2. Another situation, When the user in read list, write list, and admin
> users, the user has root permission. [This situation is ok]
>
>
>
>
> Auxiliary information:
> [root@node-107-174 /]# uname -a
> Linux node-107-174 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC
> 2015 x86_64 x86_64 x86_64 GNU/Linux
> [root@node-107-174 /]# rpm -qa | grep samba
> samba-client-libs-4.5.1-1.el7.centos.x86_64
> samba-common-tools-4.5.1-1.el7.centos.x86_64
> samba-common-4.5.1-1.el7.centos.noarch
> samba-libs-4.5.1-1.el7.centos.x86_64
> samba-4.5.1-1.el7.centos.x86_64
> samba-common-libs-4.5.1-1.el7.centos.x86_64
>
>
> Look forward to your reply,Thank you very much.​
>
>
> ________________________________
> 免责声明
>
>
> 本邮件及其附件可能包含私有的、保密的或特权的交流、工作成果或其它信息。除非得到上海爱数信息技术股份有限公司的书面授权,任何披露、复制、分发或使用本邮件和/或附件中的任何内容都是不被允许的。如果您误收了本邮件,请立即通过邮件(
> [hidden email])或电话(021-54222601)联系我们,并删除本邮件及其附件(无论电子版或打印版),谢谢!
>
> This message and its attachments may contain communications, work product
> or other information which are private, confidential or privileged. Any
> disclosure, coping, distribution and use of the contents of this message
> and/or its attachments is prohibited unless specifically authorized by the
> EISOO in writing, If you find that you are not one of the intended
> recipients of this message, please immediately contact us by e-mail (
> [hidden email]) or by telephone (021-54222601) and delete this message and
> all of its attachments whether in electronic or in hard copy format. Thank
> you.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Loading...