-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Eamonn Hamilton wrote: | I've tried using the MMC on a W2K system to edit the permissions. I was | logged in as a domain admin account, which is mapped to a local user on | the samba box and is entered in as an admin user on the share. | | The system itself is a member server in a resource domain, while the | accounts I'm trying to add come from a trusted domain, if that makes a | difference.
I looked at the code and the current behavior is by design. Hpwever, try this patch.
cheers, jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/fZ+UIR7qMdg1EfYRAu/tAKDrMifTl82B0+0FjB+pUwwxndUmFACfbu46 RjHENqnU3ctwfOwGeAiUnsQ= =fTbv -----END PGP SIGNATURE-----
? build-me ? pchdir ? update-samba ? intl/libgettext.h Index: rpc_server/srv_srvsvc_nt.c =================================================================== RCS file: /data/cvs/samba/source/rpc_server/srv_srvsvc_nt.c,v retrieving revision 1.70.2.15 diff -u -r1.70.2.15 srv_srvsvc_nt.c --- rpc_server/srv_srvsvc_nt.c 19 Sep 2003 21:57:43 -0000 1.70.2.15 +++ rpc_server/srv_srvsvc_nt.c 3 Oct 2003 16:09:28 -0000 @@ -1457,6 +1457,7 @@ int ret; char *ptr; SEC_DESC *psd = NULL; + struct passwd *pw = NULL; DEBUG(5,("_srv_net_share_set_info: %d\n", __LINE__)); @@ -1479,8 +1480,15 @@ get_current_user(&user,p); - if (user.uid != sec_initial_uid()) + /* check the uid and then see if the user is in an + member of 'admin users'. Fail if all these checks fail */ + + pw = sys_getpwuid( user.uid); + if (! ( (user.uid == sec_initial_uid()) + || ( pw && user_in_list(pw->pw_name, lp_admin_users(snum), user.groups, user.ngroups))) ) + { return WERR_ACCESS_DENIED; + } switch (q_u->info_level) { case 1:
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba