Samba 里面的 admin users 参数有什么用?

2019-01-23 16:15:19 +08:00
最近在调试单位的 Samba,使用中发现” admin users “这个参数好像没什么作用,于是百度,发现有两种说法

a)设置在[global]下面,是整个 Samba 的管理员

然后我自己在 VMware 里面测试,发现无论怎么配置,admin users 设定的账号始终是无效。

2019-01-23 16:18:28 +08:00
2019-01-23 16:41:15 +08:00
@Humorce 感谢你的回答,如文档所说:

admin users
This option specifies a list of users that perform file operations as if they were root. This means that they can modify or destroy any other user's files, regardless of the permissions. Any files that they create will have root ownership and will use the default group of the admin user. The admin users option allows PC users to act as administrators for particular shares. Be very careful when using this option, and make sure good password and other security policies are in place.

At the other end of the spectrum, you can explicitly specify users who will be allowed superuser (root) access to a share with the admin users option. An example follows:

path = /home/sales
comment = Sedona Real Estate Sales Data
writable = yes
valid users = sofie shelby adilia
admin users = mike


path = /home/sales
writable = yes
valid users = user1
admin users = admin

以上配置只有 user1 能够进入,admin 死活进不去 - -。

有一直在使用 samba 的大神吗,Help~
2019-01-23 17:03:08 +08:00
# 2

"admin 死活进不去", 你在 samba 服务器添加 admin 这个用户给 samba 了吗?
2019-01-23 17:09:48 +08:00
path = /mnt/sda1/downloads
valid users = admin
read only = no
guest ok = no
create mask = 0700
directory mask = 0700

#follow symlinks
follow symlinks = yes
wide links = yes

smbpasswd 里还要加 admin 用户,然后应该就能进去了。
2019-01-24 08:15:09 +08:00
@hoyixi 添加了呀,没有这个用户的话 pdbedit 是会报错吧?
2019-01-24 08:23:38 +08:00
@yulgang 我的理解是,管理员应该是不受” valid users “ 、“ read only ”这类参数限制的,你试下把 valid users 这条参数去掉 admin 就没权限了。
2019-01-24 08:25:18 +08:00
@hoyixi 上条看错,添加了 pdbedit -L 是有这个用户的。
2019-01-24 09:25:41 +08:00
@milestonev6 我也弄不太懂这个东西,不过我的配置在路由器里是生效的,admin 访问 downloads 目录可以读写,匿名登陆到 public 只读。

# smbd -V
Version 3.6.25

#cat /opt/etc/samba/smb.conf
netbios name = RT-AC68U
display charset = UTF-8
interfaces = lo br0
server string = ASUS RT-AC68U Samba Shares
unix charset = UTF-8
workgroup = WORKGROUP
browseable = yes
deadtime = 30
domain master = yes
encrypt passwords = true
enable core files = no
guest account = nobody
guest ok = yes
invalid users = root
local master = yes
load printers = no
map to guest = Bad User
max protocol = SMB2
min receivefile size = 16384
null passwords = yes
obey pam restrictions = yes
os level = 20
passdb backend = smbpasswd
preferred master = yes
printable = no
security = user
smb encrypt = disabled
smb passwd file = /opt/etc/samba/smbpasswd
syslog = 2
use sendfile = yes
writeable = yes
unix extensions = no

path = /mnt/sda1/downloads
valid users = admin
read only = no
guest ok = no
create mask = 0700
directory mask = 0700

#follow symlinks
follow symlinks = yes
wide links = yes
path = /mnt/sda1/public
#valid users = nobody
read only = yes
guest ok = yes
#create mask = 0700
directory mask = 0700

#follow symlinks
follow symlinks = yes
wide links = yes
2019-01-24 10:35:21 +08:00
@yulgang 唔,我看了下,你这个应该没有设置到管理员用户吧?也就是"admin users"这个参数,你只是允许 admin 这个用户访问 share。
2019-01-24 11:04:09 +08:00
@milestonev6 对的,只有 admin 可以读写 share,看来我发的不是你要的东西 哈哈哈,不好意思。

