[Samba] SYSTEM gid=70006 in POSIX ACLs ?
?icro MEGAS
micromegas at mail333.com
Wed Oct 29 14:26:15 MDT 2014
Hey all,
I decided to use the default ranges in the smb.conf of my member server, so I changed my smb.conf and it looks like this:
==================================================
[global]
netbios name = MEMBERSRV
workgroup = MYDOM
security = ADS
realm = MYDOM.EXAMPLE.COM
encrypt passwords = yes
idmap config MYDOM:backend = ad
idmap config MYDOM:schema_mode = rfc2307
idmap config MYDOM:range = 500-40000
idmap config *:backend = tdb
idmap config *:range = 70001-80000
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/false
username map = /etc/samba/smbmap
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
==================================================
I am irritated at the moment because of a strange behaviour I never realized before...
I am creating a new share at the Linux prompt with "mkdir -p /some/share". The directory /some/share has mode 755 and root:root.
Now through a Windows host I connect to that member server and define the following:
[Share] settings:
-------------------------------
Domain Users => Full
Domain Admins => Full
SYSTEM => Full
[Security] settings:
-------------------------------
Domain Users => Read/Execute (this folder only)
Domain Admins => Full (this folder, subfolder and files)
SYSTEM => Full (this folder, subfolders and files)
Creator/Owner => Full (Subfolders and files)
and I unchecked the "inherit" box.
So far so good. When I look at the POSIX ACLs at the Linux prompt of the member server, I get the following output:
root@membersrv:~$ getfacl /some/share
# file: share/
# owner: root
# group: root
user::rwx
user:root:rwx
group::---
group:root:---
group:domain\040admins:rwx
group:domain\040users:r-x
group:70006:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:group::---
default:group:root:---
default:group:domain\040admins:rwx
default:group:70006:rwx
default:mask::rwx
default:other::---
I am confused about gid=70006. I did some tests and found out that this is listed in the POSIX ACLs when I add "SYSTEM" to the Windows security settings. So SYSTEM seems to carry this strange gid 70006. But why? Is that something static inside Windows? And why can't my member server resolve gid 70006 then? Please, can anyone give me some explanation and advice? I am not sure if this is correct. I never realized the 70006 gid before and I am not sure if something's wrong with the idmap stuff on my member server. I want to add that after I adjusted my smb.conf on the member server I restarted samba+winbind, and I also tried deleting /var/lib/samba/winbind* and restarting samba+winbind again. It didn't change anything; 70006 is still listed unresolved.
Thanks in advance,
Mirco
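
An added diagnostic example, not part of the original post: it reads the "idmap config DOM:range" lines from an smb.conf like the one above and reports which idmap domain's range each unresolved numeric entry in getfacl output falls into. The function names and the embedded sample text (trimmed from the post) are constructed for this example.

```python
import re

# Constructed sample input, trimmed from the smb.conf and getfacl output in the post.
SMB_CONF = """\
[global]
idmap config MYDOM:backend = ad
idmap config MYDOM:range = 500-40000
idmap config *:backend = tdb
idmap config *:range = 70001-80000
"""
GETFACL = """\
user:root:rwx
group:domain\\040admins:rwx
group:70006:rwx
default:group:70006:rwx
"""

RANGE_RE = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$", re.I)

def idmap_ranges(conf_text):
    """Return {domain: (low, high)} from the 'idmap config DOM:range' lines."""
    ranges = {}
    for line in conf_text.splitlines():
        m = RANGE_RE.match(line)
        if m:
            ranges[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return ranges

def unresolved_ids(getfacl_text):
    """Return sorted unique (kind, id) for ACL entries whose qualifier is numeric."""
    found = set()
    for line in getfacl_text.splitlines():
        m = re.match(r"^(?:default:)?(user|group):(\d+):", line)
        if m:
            found.add((m.group(1), int(m.group(2))))
    return sorted(found)

def classify(conf_text, getfacl_text):
    """Map each unresolved id to the idmap domain(s) whose range contains it."""
    ranges = idmap_ranges(conf_text)
    result = {}
    for kind, num in unresolved_ids(getfacl_text):
        result[(kind, num)] = [dom for dom, (low, high) in ranges.items()
                               if low <= num <= high]
    return result

if __name__ == "__main__":
    for (kind, num), doms in classify(SMB_CONF, GETFACL).items():
        print(f"{kind} {num}: idmap domain(s) {doms or 'none configured'}")
```

For the configuration in the post, gid 70006 falls in the 70001-80000 range of the "*" domain, whose tdb backend allocates IDs locally on the member server rather than reading them from AD.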