V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX 提问指南
milestonev6
V2EX  ›  问与答

Samba 里面的 admin users 参数有什么用?

  •  
  •   milestonev6 · 2019-01-23 16:15:19 +08:00 · 3155 次点击
    这是一个创建于 2164 天前的主题,其中的信息可能已经有所发展或是发生改变。
    最近在调试单位的 Samba,使用中发现” admin users “这个参数好像没什么作用,于是百度,发现有两种说法

    a)设置在[global]下面,是整个 Samba 的管理员
    b)设置在[folder]下面,是该共享目录的管理员

    然后我自己在 VMware 里面测试,发现无论怎么配置,admin users 设定的账号始终是无效。

    请问各位大神,这个参数到底有什么作用啊??
    10 条回复    2019-01-24 11:04:09 +08:00
    Humorce
        1
    Humorce  
       2019-01-23 16:18:28 +08:00
    milestonev6
        2
    milestonev6  
    OP
       2019-01-23 16:41:15 +08:00
    @Humorce 感谢你的回答,如文档所说:

    admin users
    This option specifies a list of users that perform file operations as if they were root. This means that they can modify or destroy any other user's files, regardless of the permissions. Any files that they create will have root ownership and will use the default group of the admin user. The admin users option allows PC users to act as administrators for particular shares. Be very careful when using this option, and make sure good password and other security policies are in place.

    At the other end of the spectrum, you can explicitly specify users who will be allowed superuser (root) access to a share with the admin users option. An example follows:

    [sales]
    path = /home/sales
    comment = Sedona Real Estate Sales Data
    writable = yes
    valid users = sofie shelby adilia
    admin users = mike

    但是经过测试:

    [folder]
    path = /home/sales
    writable = yes
    valid users = user1
    admin users = admin

    以上配置只有 user1 能够进入,admin 死活进不去 - -。

    有一直在使用 samba 的大神吗,Help~
    hoyixi
        3
    hoyixi  
       2019-01-23 17:03:08 +08:00
    # 2

    "admin 死活进不去", 你在 samba 服务器添加 admin 这个用户给 samba 了吗?
    yulgang
        4
    yulgang  
       2019-01-23 17:09:48 +08:00
    [share]
    path = /mnt/sda1/downloads
    valid users = admin
    read only = no
    guest ok = no
    create mask = 0700
    directory mask = 0700

    #follow symlinks
    follow symlinks = yes
    wide links = yes


    smbpasswd 里还要加 admin 用户,然后应该就能进去了。
    milestonev6
        5
    milestonev6  
    OP
       2019-01-24 08:15:09 +08:00
    @hoyixi 添加了呀,没有这个用户的话 pdbedit 是会报错吧?
    milestonev6
        6
    milestonev6  
    OP
       2019-01-24 08:23:38 +08:00
    @yulgang 我的理解是,管理员应该是不受” valid users “ 、“ read only ”这类参数限制的,你试下把 valid users 这条参数去掉 admin 就没权限了。
    milestonev6
        7
    milestonev6  
    OP
       2019-01-24 08:25:18 +08:00
    @hoyixi 上条看错,添加了 pdbedit -L 是有这个用户的。
    yulgang
        8
    yulgang  
       2019-01-24 09:25:41 +08:00
    @milestonev6 我也弄不太懂这个东西,不过我的配置在路由器里是生效的,admin 访问 downloads 目录可以读写,匿名登陆到 public 只读。

    # smbd -V
    Version 3.6.25

    #cat /opt/etc/samba/smb.conf
    [global]
    netbios name = RT-AC68U
    display charset = UTF-8
    interfaces = 127.0.0.1/8 lo 192.168.1.1/24 br0
    server string = ASUS RT-AC68U Samba Shares
    unix charset = UTF-8
    workgroup = WORKGROUP
    browseable = yes
    deadtime = 30
    domain master = yes
    encrypt passwords = true
    enable core files = no
    guest account = nobody
    guest ok = yes
    invalid users = root
    local master = yes
    load printers = no
    map to guest = Bad User
    max protocol = SMB2
    min receivefile size = 16384
    null passwords = yes
    obey pam restrictions = yes
    os level = 20
    passdb backend = smbpasswd
    preferred master = yes
    printable = no
    security = user
    smb encrypt = disabled
    smb passwd file = /opt/etc/samba/smbpasswd
    socket options = TCP_NODELAY IPTOS_LOWDELAY
    syslog = 2
    use sendfile = yes
    writeable = yes
    unix extensions = no

    [share]
    path = /mnt/sda1/downloads
    valid users = admin
    read only = no
    guest ok = no
    create mask = 0700
    directory mask = 0700

    #follow symlinks
    follow symlinks = yes
    wide links = yes
    [public]
    path = /mnt/sda1/public
    #valid users = nobody
    read only = yes
    guest ok = yes
    #create mask = 0700
    directory mask = 0700

    #follow symlinks
    follow symlinks = yes
    wide links = yes
    milestonev6
        9
    milestonev6  
    OP
       2019-01-24 10:35:21 +08:00
    @yulgang 唔,我看了下,你这个应该没有设置到管理员用户吧?也就是"admin users"这个参数,你只是允许 admin 这个用户访问 share。
    yulgang
        10
    yulgang  
       2019-01-24 11:04:09 +08:00
    @milestonev6 对的,只有 admin 可以读写 share,看来我发的不是你要的东西 哈哈哈,不好意思。
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   3595 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 27ms · UTC 04:32 · PVG 12:32 · LAX 20:32 · JFK 23:32
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.