[Samba] Samba Permission Combination Conflict And Priority
- Date: Wed, 5 Apr 2017 08:36:25 +0000
- From: 刘浪 via samba <samba@xxxxxxxxxxxxxxx>
- Subject: [Samba] Samba Permission Combination Conflict And Priority
I am a samba new user. When a share for user has one permission, it is OK. When a share for user has permission combination, there is something different in my thought.
In Linux user system, a user can belong to multiple groups. For example:
The user (uf) belongs to multiple groups (g_full and g_read)
[root@node-107-174 /]# id 1017
uid=1017(uf) gid=1017(g_full) groups=1017(g_full),1018(g_read)
my samba config file content:
workgroup = SAMBA
security = user
passdb backend = tdbsam
path = /dsf
read list = @g_read
valid users = @g_full @g_read
admin users = @g_full
according to https://www.samba.org/samba/docs/using_samba/ch09.html
1. the user uf in groups g_read and g_full，means it has read only and root permission, I think the user uf will has root permission,
but actually, the user uf only has read only permission, can not write.
In a word, when the user in read list and admin users, the user only has read only permission. [I think the user will has root permission, but something different]
In my thought，permission conflict priority:
invalid users > admin users > write list > read lists
But this situation is not ok.
2. Another situation, When the user in read list, write list, and admin users, the user has root permission. [This situation is ok]
[root@node-107-174 /]# uname -a
Linux node-107-174 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
[root@node-107-174 /]# rpm -qa | grep samba
Look forward to your reply，Thank you very much.
This message and its attachments may contain communications, work product or other information which are private, confidential or privileged. Any disclosure, coping, distribution and use of the contents of this message and/or its attachments is prohibited unless specifically authorized by the EISOO in writing, If you find that you are not one of the intended recipients of this message, please immediately contact us by e-mail (its@xxxxxxxxx) or by telephone (021-54222601) and delete this message and all of its attachments whether in electronic or in hard copy format. Thank you.
To unsubscribe from this list go to the following URL and read the