Seeking clarification

John H Terpstra - Samba Team jht at
Fri May 22 04:51:50 GMT 2009

 Can someone please clarify if the following behavior is a bug or an
expected feature.

Samba-3.3.4 - ADS Domain Member server.  Obviously, running winbind.
The following describes the problem as reported by the Samba admin."

There are several domain users that are members of the Domain Admins group.

Execution on the Linux (RHEL5.3) system of the following command shows
that two users have the Domain Admins group as their primary group, the
other users' primary group is Domain Users, with secondary membership in
Domain Admins.

The problem the site is complaining about is the regardless, any user
who is a member of the Domain Admins group creates files and folders on
the RHEL5.3 Linux system - but the owner and group are set to UID is
root, GID is "Domain Admins".  The problem then is that users who are
not members of the Domain Admins group can not manage permissions on the
 root owned and "Domain Admins" group owned files, nor can they write to
folders so owned.  I know this can be changed by opening up the UGO
permissions or by setting POSIX ACLs - but that is undesirable for other

When the same users who are Domain Admins members create files and
folders on a Windows Server 2003 system, they end up being owned by the
correct user, and that users' primary group.  The same happens with
Samba 3.2.7.

It seems that Samba-3.3.4 behaves differently from 3.2.7 and differently
from Windows Server 2003.

Is this a bug? If so, should I file a bug report?

Thanks for tuning in, and thanks for any responses provided.

John T.

More information about the samba-technical mailing list