All HowTo's Cybersecurity

Give a user complete access to Samba share contents – regardless of local permissions

It can be useful to give one user (perhaps the administrator) access to all data on the Samba server regardless of local disk access permissions and ownership. For example, suppose the administrator needs to access all data in “/home” to run nightly backups. This would be a suitable solution.

The following samba share (specified in “/etc/samba/smb.comf”) allows both the “root” user and the “backup” user to access all data on the Samba server as though they were the local root user.

        comment = Complete access to this system
        path = /
        read only = No
        writable = yes
        create mask = 02770
        directory mask = 02770

        valid users = root backup
        admin users = root backup

What we’ve done is allow only the “root” and “backup” user access to the share. Then we’ve specified that those two users have root access to that share. The share happens to point to “/” which means they both have root filesystem access to the entire system.