[Samba] Home Folder
Carlos A. P. Cunha
carlos.hollow at gmail.com
Tue Jul 12 12:05:21 UTC 2016
Sorry hehehehe
I mean, when access RSAT and add the "Home Folder" of the User, and give
a Apply, the folder is automatically created with the permissions below,
where the "Domain Users" is already linked:
getfacl rs-01 /
# File: rs-01 /
# Owner: administrator
# Group: domain \ 040users
user :: rwx
user: rs-01: rwx
user: administrator: rwx
group :: r-x
group: domain \ 040users: r-x
group: BUILTIN \ 134administrators: rwx
mask :: rwx
other :: ---
default: user :: rwx
default: user: rs-01: rwx
default: user: administrator: rwx
default: x r-group ::
default: group: domain \ 040users: r-x
default: group: BUILTIN \ 134administrators: rwx
default: mask :: rwx
default: other :: ---
and something else as well "ACL entry to" --- "." ??
Thanks!!!
Em 12-07-2016 05:31, mathias dufresne escreveu:
> Sorry I don't understand what you said.
>
> 2016-07-12 10:30 GMT+02:00 mathias dufresne <infractory at gmail.com
> <mailto:infractory at gmail.com>>:
>
> orry I don't understand what you said.
>
> 2016-07-11 18:41 GMT+02:00 Carlos A. P. Cunha
> <carlos.hollow at gmail.com <mailto:carlos.hollow at gmail.com>>:
>
> Hello!
> But when I add the User the way "Home folder" the folder is
> automatically created it already comes with these permissions:
>
>
> getfacl rs-01 /
> # File: rs-01 /
> # Owner: administrator
> # Group: domain \ 040users
> user :: rwx
> user: rs-01: rwx
> user: administrator: rwx
> group :: r-x
> group: domain \ 040users: r-x
> group: BUILTIN \ 134administrators: rwx
> mask :: rwx
> other :: ---
> default: user :: rwx
> default: user: rs-01: rwx
> default: user: administrator: rwx
> default: x r-group ::
> default: group: domain \ 040users: r-x
> default: group: BUILTIN \ 134administrators: rwx
> default: mask :: rwx
> default: other :: ---
>
>
> and something else as well "ACL entry to" --- "." ??
>
>
> Thanks!!!
>
>
> Em 11-07-2016 09:59, mathias dufresne escreveu:
>> Hi Carlos,
>>
>> Your problem is userA can access home directory of userB?
>>
>> If your issue is only that, then you are right, this issue
>> comes from the fact all AD users are, by default, in "Domain
>> users" and your Home directories grant "Domain Users" "r-x"
>> which means "read and enter" when applied to directory.
>>
>> Simply remove "Domain Users" from these ACL or change "Domain
>> Users" ACl entry to "---".
>>
>> Cheers,
>>
>> mathias
>>
>> 2016-07-10 0:31 GMT+02:00 Carlos A. P. Cunha
>> <carlos.hollow at gmail.com <mailto:carlos.hollow at gmail.com>>:
>>
>> Hello! I am following the how to
>>
>> https://wiki.samba.org/index.php/User_home_drives
>>
>> But even though there reported a process for User X does
>> not access the home of Y User, this is happening
>>
>> root at fileserver:/srv/samba# getfacl home/
>> # file: home/
>> # owner: root
>> # group: root
>> user::rwx
>> user:root:rwx
>> user:administrator:rwx
>> group::r-x
>> group:root:r-x
>> group:5007:r-x
>> group:domain\040admins:rwx
>> group:5024:rwx
>> mask::rwx
>> other::---
>> default:user::rwx
>> default:user:root:rwx
>> default:user:administrator:rwx
>> default:group::r-x
>> default:group:root:r-x
>> default:group:domain\040admins:rwx
>> default:group:5024:rwx
>> default:mask::rwx
>> default:other::---
>>
>> ------------------
>>
>> root at fileserver:/srv/samba/home# getfacl rs-01/
>> # file: rs-01/
>> # owner: administrator
>> # group: domain\040users
>> user::rwx
>> user:rs-01:rwx
>> user:administrator:rwx
>> group::r-x
>> group:domain\040users:r-x
>> group:BUILTIN\134administrators:rwx
>> group:domain\040admins:rwx
>> group:5024:rwx
>> mask::rwx
>> other::---
>> default:user::rwx
>> default:user:rs-01:rwx
>> default:user:administrator:rwx
>> default:group::r-x
>> default:group:domain\040users:r-x
>> default:group:BUILTIN\134administrators:rwx
>> default:group:domain\040admins:rwx
>> default:group:5024:rwx
>> default:mask::rwx
>> default:other::---
>>
>>
>> ----------------------
>>
>> From what I think is, the problem is with the permissions
>> of the group "Domain user" but that and automatically
>> set, because it is the default group of users.
>>
>>
>> Any idea ?
>>
>> Thank you
>>
>>
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and
>> read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>
>
>
More information about the samba
mailing list