Re: Windows domain user in Linux
On Mon, 07 May 2012 12:30:53 +0500, Muhammad Yousuf Khan wrote: > On Sat, May 5, 2012 at 5:07 PM, Camaleón wrote: (...) >> Then you can adjust the share owner and permissions in a proper way. >> >>> so it seems easy to me that i have to just chmode 770 to the >>> folder/file >>> and things starts working accordingly. >> >> Easy, can be (I can't tell because I don't know the details of your >> samba/ shares layout). Secure, not. > > mostly share are like this. > > [Library] > comment = Shared Directories > path = /hdxxx/100xx/libxxx/ > read list = @all > write list = nhasnain, admin > read only = yes > create mask = 0774 > directory mask = 0774 (...) It looks like a very simple share setup so there should be no compelling reasons to add a samba-linux user to the root's group. Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/jo8u4d$e2o$8...@dough.gmane.org
Re: Windows domain user in Linux
On Sat, May 5, 2012 at 5:07 PM, Camaleón wrote: > On Sat, 05 May 2012 16:19:52 +0500, Muhammad Yousuf Khan wrote: > >> On Sat, May 5, 2012 at 1:50 AM, Camaleón wrote: > Thanks for the informative email, however administrator is me so thats the reason i added that. >>> >>> Yes, but that's still dangerous. Why do you need to be in root's group? >>> >>> >> Because, there are few folders stored on samba storage where me as a >> administrator need to write files very often. > > Then you can adjust the share owner and permissions in a proper way. > >> so it seems easy to me that i have to just chmode 770 to the folder/file >> and things starts working accordingly. > > Easy, can be (I can't tell because I don't know the details of your samba/ > shares layout). Secure, not. mostly share are like this. [Library] comment = Shared Directories path = /hdxxx/100xx/libxxx/ read list = @all write list = nhasnain, admin read only = yes create mask = 0774 directory mask = 0774 > >> by the way , what kind of security consequences you are talking about? > > An impersonated user that can access/read/delete your system files. > >> note : i am using this only for samba share > > More reasons to avoid exposing your system security. Thanks , i got your point ... and i like it too. ill change the right infrastructure accordingly. > > Greetings, > > -- > Camaleón > > > -- > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: http://lists.debian.org/jo355m$4gr$4...@dough.gmane.org > -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/cagwvfmmwvnkdmtuwpfbw0t_0gn5-erodbtfjjgncz-m8kv8...@mail.gmail.com
Re: Windows domain user in Linux
On Sat, 05 May 2012 16:19:52 +0500, Muhammad Yousuf Khan wrote: > On Sat, May 5, 2012 at 1:50 AM, Camaleón wrote: >>> Thanks for the informative email, however administrator is me so thats >>> the reason i added that. >> >> Yes, but that's still dangerous. Why do you need to be in root's group? >> >> > Because, there are few folders stored on samba storage where me as a > administrator need to write files very often. Then you can adjust the share owner and permissions in a proper way. > so it seems easy to me that i have to just chmode 770 to the folder/file > and things starts working accordingly. Easy, can be (I can't tell because I don't know the details of your samba/ shares layout). Secure, not. > by the way , what kind of security consequences you are talking about? An impersonated user that can access/read/delete your system files. > note : i am using this only for samba share More reasons to avoid exposing your system security. Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/jo355m$4gr$4...@dough.gmane.org
Re: Windows domain user in Linux
On Sat, May 5, 2012 at 1:50 AM, Camaleón wrote: > On Fri, 04 May 2012 21:06:58 +0500, Muhammad Yousuf Khan wrote: > >> On Fri, May 4, 2012 at 8:10 PM, Camaleón wrote: >>> On Fri, 04 May 2012 12:32:31 +0500, Muhammad Yousuf Khan wrote: >>> i am using winbind for samba to fetch users from windows domain. now i want to add a windows domain user "administrator" a member of group "root". however when i run the command it gives me an error. #useradd -G root administrator useradd: user 'administrator' already exists >>> >>> Is the user already in an external database? >>> >>> >From "man adduser": >>> >>> *** >>> CAVEATS >>> You may not add a user to a NIS or LDAP group. This must be performed >>> on the corresponding server. >>> >>> Similarly, if the username already exists in an external user database >>> such as NIS or LDAP, useradd will deny the user account creation >>> request. *** >>> >>> In addition, if the user "administrator" already exists locally, you >>> have to use "usermod" instead. >>> >>> Note: adding a user to the root's group can be dangerous. >> >> >> Thanks for the informative email, however administrator is me so thats >> the reason i added that. > > Yes, but that's still dangerous. Why do you need to be in root's group? > Because, there are few folders stored on samba storage where me as a administrator need to write files very often. so it seems easy to me that i have to just chmode 770 to the folder/file and things starts working accordingly. by the way , what kind of security consequences you are talking about? note : i am using this only for samba share >> Thanks any ways, > > You're welcome. > > Anyway, a quick note on your first one-liner: by re-reading "man useradd" > I think you should use "-g" instead "-G". > > Greetings, > > -- > Camaleón > > > -- > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: http://lists.debian.org/jo1fe4$3du$1...@dough.gmane.org > -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/cagwvfmmvpccg5mqrh01w5zj9wqcdv3wtu0dkdcochay703z...@mail.gmail.com
Re: Windows domain user in Linux
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am 04.05.2012 18:05, schrieb Muhammad Yousuf Khan: > On Fri, May 4, 2012 at 7:49 PM, Daniel Koch > wrote: Am 04.05.2012 09:32, schrieb > Muhammad Yousuf Khan: i am using winbind for samba to fetch users from windows domain. now i want to add a windows domain user "administrator" a member of group "root". however when i run the command it gives me an error. #useradd -G root administrator useradd: user 'administrator' already exists > > What about: > > # adduser administrator root > > >> wwwowww It worked Thanks mate :) > >> can i ask a question , why it worked by adduser and why not >> useradd as both commands works for a same purpose AFAIK -G, --groups GROUPS list of supplementary groups of the new account ^^^ "new account" that is why : "'administrator' already exists" - -- Daniel Koch -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk+k85IACgkQOy1+jxP0nDn2rgCdGEP/FhNj8yjOKcXeDr+9vWnu 9IQAniXquXjZiob2nUo8tO+yNsa0ERi2 =GUsO -END PGP SIGNATURE- <>
Re: Windows domain user in Linux
On Fri, 04 May 2012 21:06:58 +0500, Muhammad Yousuf Khan wrote: > On Fri, May 4, 2012 at 8:10 PM, Camaleón wrote: >> On Fri, 04 May 2012 12:32:31 +0500, Muhammad Yousuf Khan wrote: >> >>> i am using winbind for samba to fetch users from windows domain. now i >>> want to add a windows domain user "administrator" a member of group >>> "root". however when i run the command it gives me an error. >>> >>> #useradd -G root administrator >>> useradd: user 'administrator' already exists >> >> Is the user already in an external database? >> >> >From "man adduser": >> >> *** >> CAVEATS >> You may not add a user to a NIS or LDAP group. This must be performed >> on the corresponding server. >> >> Similarly, if the username already exists in an external user database >> such as NIS or LDAP, useradd will deny the user account creation >> request. *** >> >> In addition, if the user "administrator" already exists locally, you >> have to use "usermod" instead. >> >> Note: adding a user to the root's group can be dangerous. > > > Thanks for the informative email, however administrator is me so thats > the reason i added that. Yes, but that's still dangerous. Why do you need to be in root's group? > Thanks any ways, You're welcome. Anyway, a quick note on your first one-liner: by re-reading "man useradd" I think you should use "-g" instead "-G". Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/jo1fe4$3du$1...@dough.gmane.org
Re: Windows domain user in Linux
On Fri, May 4, 2012 at 8:10 PM, Camaleón wrote: > On Fri, 04 May 2012 12:32:31 +0500, Muhammad Yousuf Khan wrote: > >> i am using winbind for samba to fetch users from windows domain. now i >> want to add a windows domain user "administrator" a member of group >> "root". however when i run the command it gives me an error. >> >> #useradd -G root administrator >> useradd: user 'administrator' already exists > > Is the user already in an external database? > > >From "man adduser": > > *** > CAVEATS > You may not add a user to a NIS or LDAP group. This must be performed on > the corresponding server. > > Similarly, if the username already exists in an external user database > such as NIS or LDAP, useradd will deny the user account creation request. > *** > > In addition, if the user "administrator" already exists locally, you have > to use "usermod" instead. > > Note: adding a user to the root's group can be dangerous. Thanks for the informative email, however administrator is me so thats the reason i added that. Thanks any ways, > > Greetings, > > -- > Camaleón > > > -- > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: http://lists.debian.org/jo0rhj$3du$7...@dough.gmane.org > -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/cagwvfmkkubl0udlahfnznjumyejl6brn9px5jspt6qmvuju...@mail.gmail.com
Re: Windows domain user in Linux
On Fri, May 4, 2012 at 7:49 PM, Daniel Koch wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Am 04.05.2012 09:32, schrieb Muhammad Yousuf Khan: >> i am using winbind for samba to fetch users from windows domain. >> now i want to add a windows domain user "administrator" a member of >> group "root". however when i run the command it gives me an error. >> >> #useradd -G root administrator useradd: user 'administrator' >> already exists >> >> >> Please Help. >> >> Thank you, >> >> > > What about: > > # adduser administrator root > wwwowww It worked Thanks mate :) can i ask a question , why it worked by adduser and why not useradd as both commands works for a same purpose AFAIK Thanks, > > ? > - -- > Daniel Koch > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.12 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk+j7GIACgkQOy1+jxP0nDmZ9ACeJpcOZYq1a6pcDDp9Brc1qpNz > NcsAn1B8laCryqQH3yMQ3pgAMToOLUby > =Gyuk > -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAGWVfMkvgtNv7qQUFCgY8Wh=P=sfkyryo9mawk3p_fprxk2...@mail.gmail.com
Re: Windows domain user in Linux
On Fri, 04 May 2012 12:32:31 +0500, Muhammad Yousuf Khan wrote: > i am using winbind for samba to fetch users from windows domain. now i > want to add a windows domain user "administrator" a member of group > "root". however when i run the command it gives me an error. > > #useradd -G root administrator > useradd: user 'administrator' already exists Is the user already in an external database? >From "man adduser": *** CAVEATS You may not add a user to a NIS or LDAP group. This must be performed on the corresponding server. Similarly, if the username already exists in an external user database such as NIS or LDAP, useradd will deny the user account creation request. *** In addition, if the user "administrator" already exists locally, you have to use "usermod" instead. Note: adding a user to the root's group can be dangerous. Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/jo0rhj$3du$7...@dough.gmane.org
Re: Windows domain user in Linux
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am 04.05.2012 09:32, schrieb Muhammad Yousuf Khan: > i am using winbind for samba to fetch users from windows domain. > now i want to add a windows domain user "administrator" a member of > group "root". however when i run the command it gives me an error. > > #useradd -G root administrator useradd: user 'administrator' > already exists > > > Please Help. > > Thank you, > > What about: # adduser administrator root ? - -- Daniel Koch -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk+j7GIACgkQOy1+jxP0nDmZ9ACeJpcOZYq1a6pcDDp9Brc1qpNz NcsAn1B8laCryqQH3yMQ3pgAMToOLUby =Gyuk -END PGP SIGNATURE- <>
