Seeking clarification
simo
idra at samba.org
Fri May 22 12:42:40 GMT 2009
On Thu, 2009-05-21 at 23:51 -0500, John H Terpstra - Samba Team wrote:
> Can someone please clarify if the following behavior is a bug or an
> expected feature.
>
> Samba-3.3.4 - ADS Domain Member server. Obviously, running winbind.
> The following describes the problem as reported by the Samba admin."
>
> There are several domain users that are members of the Domain Admins group.
>
> Execution on the Linux (RHEL5.3) system of the following command shows
> that two users have the Domain Admins group as their primary group, the
> other users' primary group is Domain Users, with secondary membership in
> Domain Admins.
>
> The problem the site is complaining about is the regardless, any user
> who is a member of the Domain Admins group creates files and folders on
> the RHEL5.3 Linux system - but the owner and group are set to UID is
> root, GID is "Domain Admins". The problem then is that users who are
> not members of the Domain Admins group can not manage permissions on the
> root owned and "Domain Admins" group owned files, nor can they write to
> folders so owned. I know this can be changed by opening up the UGO
> permissions or by setting POSIX ACLs - but that is undesirable for other
> reasons.
>
> When the same users who are Domain Admins members create files and
> folders on a Windows Server 2003 system, they end up being owned by the
> correct user, and that users' primary group. The same happens with
> Samba 3.2.7.
>
> It seems that Samba-3.3.4 behaves differently from 3.2.7 and differently
> from Windows Server 2003.
>
> Is this a bug? If so, should I file a bug report?
>
> Thanks for tuning in, and thanks for any responses provided.
Can't say w/o seeing smb.conf, are you sure they have not put these
users in the 'admin users' list ?
That would make them be root on the machine, and would explain why files
are created as root.
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
More information about the samba-technical
mailing list