Samba 里面的 admin users 参数有什么用?

2019-01-23 16:15:19 +08:00
 milestonev6
最近在调试单位的 Samba,使用中发现” admin users “这个参数好像没什么作用,于是百度,发现有两种说法

a)设置在[global]下面,是整个 Samba 的管理员
b)设置在[folder]下面,是该共享目录的管理员

然后我自己在 VMware 里面测试,发现无论怎么配置,admin users 设定的账号始终是无效。

请问各位大神,这个参数到底有什么作用啊??
3133 次点击
所在节点    问与答
10 条回复
Humorce
2019-01-23 16:18:28 +08:00
milestonev6
2019-01-23 16:41:15 +08:00
@Humorce 感谢你的回答,如文档所说:

admin users
This option specifies a list of users that perform file operations as if they were root. This means that they can modify or destroy any other user's files, regardless of the permissions. Any files that they create will have root ownership and will use the default group of the admin user. The admin users option allows PC users to act as administrators for particular shares. Be very careful when using this option, and make sure good password and other security policies are in place.

At the other end of the spectrum, you can explicitly specify users who will be allowed superuser (root) access to a share with the admin users option. An example follows:

[sales]
path = /home/sales
comment = Sedona Real Estate Sales Data
writable = yes
valid users = sofie shelby adilia
admin users = mike

但是经过测试:

[folder]
path = /home/sales
writable = yes
valid users = user1
admin users = admin

以上配置只有 user1 能够进入,admin 死活进不去 - -。

有一直在使用 samba 的大神吗,Help~
hoyixi
2019-01-23 17:03:08 +08:00
# 2

"admin 死活进不去", 你在 samba 服务器添加 admin 这个用户给 samba 了吗?
yulgang
2019-01-23 17:09:48 +08:00
[share]
path = /mnt/sda1/downloads
valid users = admin
read only = no
guest ok = no
create mask = 0700
directory mask = 0700

#follow symlinks
follow symlinks = yes
wide links = yes


smbpasswd 里还要加 admin 用户,然后应该就能进去了。
milestonev6
2019-01-24 08:15:09 +08:00
@hoyixi 添加了呀,没有这个用户的话 pdbedit 是会报错吧?
milestonev6
2019-01-24 08:23:38 +08:00
@yulgang 我的理解是,管理员应该是不受” valid users “ 、“ read only ”这类参数限制的,你试下把 valid users 这条参数去掉 admin 就没权限了。
milestonev6
2019-01-24 08:25:18 +08:00
@hoyixi 上条看错,添加了 pdbedit -L 是有这个用户的。
yulgang
2019-01-24 09:25:41 +08:00
@milestonev6 我也弄不太懂这个东西,不过我的配置在路由器里是生效的,admin 访问 downloads 目录可以读写,匿名登陆到 public 只读。

# smbd -V
Version 3.6.25

#cat /opt/etc/samba/smb.conf
[global]
netbios name = RT-AC68U
display charset = UTF-8
interfaces = 127.0.0.1/8 lo 192.168.1.1/24 br0
server string = ASUS RT-AC68U Samba Shares
unix charset = UTF-8
workgroup = WORKGROUP
browseable = yes
deadtime = 30
domain master = yes
encrypt passwords = true
enable core files = no
guest account = nobody
guest ok = yes
invalid users = root
local master = yes
load printers = no
map to guest = Bad User
max protocol = SMB2
min receivefile size = 16384
null passwords = yes
obey pam restrictions = yes
os level = 20
passdb backend = smbpasswd
preferred master = yes
printable = no
security = user
smb encrypt = disabled
smb passwd file = /opt/etc/samba/smbpasswd
socket options = TCP_NODELAY IPTOS_LOWDELAY
syslog = 2
use sendfile = yes
writeable = yes
unix extensions = no

[share]
path = /mnt/sda1/downloads
valid users = admin
read only = no
guest ok = no
create mask = 0700
directory mask = 0700

#follow symlinks
follow symlinks = yes
wide links = yes
[public]
path = /mnt/sda1/public
#valid users = nobody
read only = yes
guest ok = yes
#create mask = 0700
directory mask = 0700

#follow symlinks
follow symlinks = yes
wide links = yes
milestonev6
2019-01-24 10:35:21 +08:00
@yulgang 唔,我看了下,你这个应该没有设置到管理员用户吧?也就是"admin users"这个参数,你只是允许 admin 这个用户访问 share。
yulgang
2019-01-24 11:04:09 +08:00
@milestonev6 对的,只有 admin 可以读写 share,看来我发的不是你要的东西 哈哈哈,不好意思。

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/529862

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX