[Samba] Linux Mint 21.3 client AD joined OK but no usb working
Kees van Vloten
keesvanvloten at gmail.com
Sat Mar 30 09:57:22 UTC 2024
On 30-03-2024 10:15, Rowland Penny via samba wrote:
> On Thu, 28 Mar 2024 19:25:33 +0000
> Rowland Penny via samba <samba at lists.samba.org> wrote:
>
>> On Thu, 28 Mar 2024 20:10:32 +0100
>> Kees van Vloten via samba <samba at lists.samba.org> wrote:
>>
>>> A local daemon will use /etc/nsswitch.conf to lookup UIDs and
>>> Winbind can supply them.
>>>
>>> In addition I make (domain) users member of these local groups:
>>>
>>> audio,video,dialout,cdrom,floppy,lpadmin,plugdev,bluetooth,netdev,pulse-access,users
>>>
>>> Some users also want to be member of local-groups like: libvirt,
>>> kvm, docker, vboxusers
>>>
>>> You can do this with: usermod -a -G <group> <domain-user>, this
>>> mechanism works much better than pam_group (which does not work for
>>> this purpose).
>> It worked for myself:
>>
>> SAMDOM\rowland at rpidc1:~ $ groups
>> domain users dialout cdrom floppy audio video plugdev scanner
>> BUILTIN\administrators BUILTIN\users domain admins denied rodc
>> password replication group rowland testgroup
>>
>> It just didn't help with the problem
>>> I do this when a domain-user logs in and the reverse when (s)he logs
>>> off with a script triggered by pam-session, a copy is already in the
>>> list archive somewhere.
>> Perhaps running a script when a usb drive is inserted might be the way
>> forward, but I haven't given up on either udev or udisks2 being able
>> to set the correct ownership
>>
> After much searching on the internet, I have now given up on this, it
> has nothing to do with Samba and everything to do with udev and udisks2.
>
> When you insert a usb drive into a Linux computer, udev and udisks2
> mount it on /media/USERNAME/USBDRIVENAME, it also mounts it as
> root:root with the permissions set to drwxr-xr-x, so only root can
> write to the drive, but everyone can traverse and read it.
>
> From what I can see, this cannot be automatically changed and will not
> be changed in code (he who is god, systemd wise, has spoken).
>
> Provided the drive is using a Linux filesystem (ext2 etc) then you can
> change the permissions with 'chown', but you would have to do this as
> root, any other filesystem, then I think you are stuck with what you
> are given.
>
> Rowland
You must have something installed that does the auto-mounting for you.
On my Bookworm machines that does not happen.
On the desktop KDE asks me whether I want to mount it and I can choose
not to. On the servers nothing happens, you have to mount it yourself.
- Kees.
More information about the samba
mailing list