Samba 里面的 admin users 参数有什么用？

@Humorce 感谢你的回答，如文档所说：

admin users
This option specifies a list of users that perform file operations as if they were root. This means that they can modify or destroy any other user's files, regardless of the permissions. Any files that they create will have root ownership and will use the default group of the admin user. The admin users option allows PC users to act as administrators for particular shares. Be very careful when using this option, and make sure good password and other security policies are in place.

At the other end of the spectrum, you can explicitly specify users who will be allowed superuser (root) access to a share with the admin users option. An example follows:

[sales]
path = /home/sales
comment = Sedona Real Estate Sales Data
writable = yes
valid users = sofie shelby adilia
admin users = mike

但是经过测试：

[folder]
path = /home/sales
writable = yes
valid users = user1
admin users = admin

以上配置只有 user1 能够进入，admin 死活进不去 - -。

有一直在使用 samba 的大神吗，Help~

＃ 2

"admin 死活进不去", 你在 samba 服务器添加 admin 这个用户给 samba 了吗？

[share]
path = /mnt/sda1/downloads
valid users = admin
read only = no
guest ok = no
create mask = 0700
directory mask = 0700

#follow symlinks
follow symlinks = yes
wide links = yes


smbpasswd 里还要加 admin 用户，然后应该就能进去了。

@hoyixi 添加了呀，没有这个用户的话 pdbedit 是会报错吧？

@yulgang 我的理解是，管理员应该是不受” valid users “ 、“ read only ”这类参数限制的，你试下把 valid users 这条参数去掉 admin 就没权限了。

@hoyixi 上条看错，添加了 pdbedit -L 是有这个用户的。

@milestonev6 我也弄不太懂这个东西，不过我的配置在路由器里是生效的，admin 访问 downloads 目录可以读写，匿名登陆到 public 只读。

# smbd -V
Version 3.6.25

#cat /opt/etc/samba/smb.conf
[global]
netbios name = RT-AC68U
display charset = UTF-8
interfaces = 127.0.0.1/8 lo 192.168.1.1/24 br0
server string = ASUS RT-AC68U Samba Shares
unix charset = UTF-8
workgroup = WORKGROUP
browseable = yes
deadtime = 30
domain master = yes
encrypt passwords = true
enable core files = no
guest account = nobody
guest ok = yes
invalid users = root
local master = yes
load printers = no
map to guest = Bad User
max protocol = SMB2
min receivefile size = 16384
null passwords = yes
obey pam restrictions = yes
os level = 20
passdb backend = smbpasswd
preferred master = yes
printable = no
security = user
smb encrypt = disabled
smb passwd file = /opt/etc/samba/smbpasswd
socket options = TCP_NODELAY IPTOS_LOWDELAY
syslog = 2
use sendfile = yes
writeable = yes
unix extensions = no

[share]
path = /mnt/sda1/downloads
valid users = admin
read only = no
guest ok = no
create mask = 0700
directory mask = 0700

#follow symlinks
follow symlinks = yes
wide links = yes
[public]
path = /mnt/sda1/public
#valid users = nobody
read only = yes
guest ok = yes
#create mask = 0700
directory mask = 0700

#follow symlinks
follow symlinks = yes
wide links = yes

@yulgang 唔，我看了下，你这个应该没有设置到管理员用户吧？也就是"admin users"这个参数，你只是允许 admin 这个用户访问 share。

@milestonev6 对的，只有 admin 可以读写 share，看来我发的不是你要的东西 哈哈哈，不好意思。