[Samba] ACLs, groups and suid-bit?
Harald Hannelius
harald+samba at arcada.fi
Tue Sep 8 12:55:47 UTC 2020
On Tue, 8 Sep 2020, Rowland Penny via samba wrote:
> On 08/09/2020 13:27, Harald Hannelius via samba wrote:
>>
>> Hello,
>>
>> I have users in Samba AD with uid- and gidnumbers. I also have group
>> objects with gidNumbers.
>>
>> I have a Samba member server (all servers Samba 4.9.5-Debian) that has one
>> share and a lot of directories.
>>
>> The directory permissions are set as a specific group as owner, and the
>> group write and suid bit are set.
>>
>> drwxrwsr-x 2 root thegroup 4096 Sep 8 15:25 groupdir
>>
>> This worked fine in Samba 3. However, now when people are storing files in
>> the dir the file doesn't get group ownership 'thegroup' nor does it get
>> write permission bit set.
>>
>> Is there a new and improved way to accomplish this now?
>>
>>
> Can we see the smb.conf from your Unix domain member before we comment?

[global]
    dedicated keytab file = /etc/krb5.keytab
    disable spoolss = Yes
    kerberos method = secrets and keytab
    load printers = No
    printcap name = /dev/null
    realm = SAD.DOMAIN.COM
    security = ADS
    username map = /etc/samba/user.map
    utmp = Yes
    winbind cache time = 20
    winbind enum groups = Yes
    winbind enum users = Yes
    winbind refresh tickets = Yes
    winbind use default domain = Yes
    workgroup = SAD
    idmap config sad:unix_primary_group = yes
    idmap config sad:unix_nss_info = yes
    idmap config sad:range = 500-4000000
    idmap config sad:schema_mode = rfc2307
    idmap config sad:backend = ad
    idmap config * : range = 5000000-9000000
    idmap config * : backend = tdb
    map acl inherit = Yes
    printing = bsd
    vfs objects = acl_xattr

[intra]
    create mask = 0665
    directory mask = 02775
    path = /tftpboot/intra
    read only = No

--
Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020