> From: Volker Lendecke [mailto:volker.lende...@sernet.de] > > On Sun, Jul 21, 2013 at 01:34:23AM -0700, Paul D. DeRocco wrote: > > You completely misunderstood my question. I'm asking > something much simpler > > and more basic than all that. What's an SMB password for, > and how does it > > relate to a Unix password? > > With the Samba password stored on the server a client can > convince the Samba server about it's identity. That's called > authentication. The Samba password has no relationship at > all to the unix password, it is a completely separate thing. > > > Here's the situation. I have a directory on a machine, and > the files in it > > are created by a service which runs as root, so the files > are owned by root > > and only locally accessible to root. I need to make this directory > > You could set up a normal Samba server, and for this > particular share use "force user = root". Be aware this > option is pretty dangerous, but it is made for that > situation.
(This is an embedded box, so, short of taking a screwdriver and opening the unit, there is no other access besides this share.) Thanks for taking the time to try to explain this. The fog is starting to lift a little. I assume "force user = root" means "ignore the username provided by the client, and pretend all clients are username root instead". So what password does the client need to provide? The root Unix password, or some password entered into the SMB password database by the smbpasswd command? Does Samba use an SMB password if it finds an appropriate username in its own database, and fall back to using the Unix password if it doesn't find the username in its own database? If so, is the purpose of the SMB password to provide an alternate namespace, so that one can use a different password (and perhaps username) than has no analog among local user accounts? For instance, if my root account has the password "blahblah", can I invent an arbitrary username like "foobar" that doesn't correspond to any local Unix user account, put that into the SMB password database with the password "yadayada", and then put "force user = foobar" in smb.conf? Will all external clients then be able to log in with any username and "yadayada", so I don't need to reveal "blahblah" to anyone? Or will Samba be unable (or unwilling) to access the files owned by root without somehow being given the "blahblah" password? -- Ciao, Paul D. DeRocco Paul mailto:pdero...@ix.netcom.com > > Volker > > -- > SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen > phone: +49-551-370000-0, fax: +49-551-370000-9 > AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen > http://www.sernet.de, mailto:kont...@sernet.de > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba