Web lists-archives.com

Re: [Samba] Samba Permission Combination Conflict And Priority




Check your dictionary permission please

On Wed, Apr 5, 2017, 16:42 刘浪 via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Dear Engineers,
>
> I am a samba new user.  When a share for user has one permission, it is
> OK. When a share for user has permission combination,  there is something
> different in my thought.
>
> In Linux user system,  a user can belong to multiple groups. For example:
> The user (uf)  belongs to multiple groups (g_full and g_read)
> [root@node-107-174 /]# id 1017
> uid=1017(uf) gid=1017(g_full) groups=1017(g_full),1018(g_read)
> my samba config file content:
> [global]
> workgroup = SAMBA
> security = user
> passdb backend = tdbsam
>
> [dsf]
> path = /dsf
> read list = @g_read
> valid users = @g_full @g_read
> admin users = @g_full
>
> according to ​https://www.samba.org/samba/docs/using_samba/ch09.html
> 1. the user uf in groups g_read and g_full,means it has read only and root
> permission, I think the user uf will has root permission,
> but actually, the user uf only has read only permission, can not write.
> In a word​, when the user in read list and admin users, the user only has
> read only permission. [I think the user will has root permission, but
> something different]
>
> In my thought,permission conflict priority:
> invalid users​ > admin users > write list > read lists
>
> But this situation is not ok.
>
> 2. Another situation, When the user in read list, write list, and admin
> users, the user has root permission. [This situation is ok]
>
>
>
>
> Auxiliary information:
> [root@node-107-174 /]# uname -a
> Linux node-107-174 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC
> 2015 x86_64 x86_64 x86_64 GNU/Linux
> [root@node-107-174 /]# rpm -qa | grep samba
> samba-client-libs-4.5.1-1.el7.centos.x86_64
> samba-common-tools-4.5.1-1.el7.centos.x86_64
> samba-common-4.5.1-1.el7.centos.noarch
> samba-libs-4.5.1-1.el7.centos.x86_64
> samba-4.5.1-1.el7.centos.x86_64
> samba-common-libs-4.5.1-1.el7.centos.x86_64
>
>
> Look forward to your reply,Thank you very much.​
>
>
> ________________________________
> 免责声明
>
>
> 本邮件及其附件可能包含私有的、保密的或特权的交流、工作成果或其它信息。除非得到上海爱数信息技术股份有限公司的书面授权,任何披露、复制、分发或使用本邮件和/或附件中的任何内容都是不被允许的。如果您误收了本邮件,请立即通过邮件(
> its@xxxxxxxxx)或电话(021-54222601)联系我们,并删除本邮件及其附件(无论电子版或打印版),谢谢!
>
> This message and its attachments may contain communications, work product
> or other information which are private, confidential or privileged. Any
> disclosure, coping, distribution and use of the contents of this message
> and/or its attachments is prohibited unless specifically authorized by the
> EISOO in writing, If you find that you are not one of the intended
> recipients of this message, please immediately contact us by e-mail (
> its@xxxxxxxxx) or by telephone (021-54222601) and delete this message and
> all of its attachments whether in electronic or in hard copy format. Thank
> you.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba