What David meant is that you can achieve this by making user to run
scripts adding/removing share from a command line instead of using
srvmgr.exe or 'net share add/delete'. When those scripts will run on a
share which forces access to be root they will update smb.conf as a
root. Other shares will be accessed from a normal user identity.
Igor
[EMAIL PROTECTED] wrote:
Igor & David,
Thanks for the replies.
However, what I think I'm reading is that there is no current solution for
my problem, right?
As Igor states, how would the Windows GUI 'add/change/delete'(or even
command-line 'rmtshare') commands (know to) use this [config] share?
I trust the 'user' , that's not a problem.
The problem is that I don't want them to always be 'root' on the Samba
server, especially as they create most of the files.
There are other processes which rely on these files being owned by this
particular user, not 'root' .
Gary R. Webster
Igor Belyi <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
10/16/04 01:38 AM
To: David Rankin <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: Re: [Samba] Re: 'add/change/delete share command'(s) in
smb.conf
On a second thought... It doesn't matter if path is '/' or '/etc/samba'
- if user has access to edit smb.conf directly he/she can create similar
share with 'path = /' and 'force user = root' any time and have access
to the whole computer. So, I agree - you'd better trust 'theusername' as
if it were 'root'.
Igor
Igor Belyi wrote:
Hm... Interesting idea... Since access is necessary only to smb.conf
than probably changing share's path to
'path = /etc/samba' could be a better alternative...
But then again.. how 'add/change/delete share commands' will know that
this particular user has access to this [config] share even if path is
left as '/'? So, it probably won't work via those commands - user will
need to edit smb.conf by hand while accessing it via the [config] share.
Igor
David Rankin wrote:
This will work:
[config]
comment = Admin Share
path = /
valid users = theusername
force user = root
force group = theusergroup
admin users = theusername
writeable = Yes
**** W A R N I N G **** whoever 'theusername' is will have complete
access
to all files listed in or below the path directory (your entire box
as shown
above). If you can limit the path to say /home or wherever the files of
concern are, you would be much better off.
--
David C. Rankin, J.D., P.E.
Rankin * Bertin, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
(936) 715-9333
www.rankin-bertin.com
----- Original Message ----- From: "Igor Belyi"
<[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, October 15, 2004 11:17 PM
Subject: [Samba] Re: 'add/change/delete share command'(s) in smb.conf
[EMAIL PROTECTED] wrote:
Hello.
I need to allow one of my users to add & delete shares on my Samba
server
through the 'server manager' applet on his client .
This same user also writes some files to the same Samba server.
I don't want the files that he writes to be owned/written by 'root' .
The way I understand the 'add share command' currently, this is not
possible.
Am I missing something?
I think you are right. User can not have more than 1 identity when
connecting to Samba. If it's an Administrator everything will be done
from the root account.
Igor
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
