Seeking clarification

simo idra at
Fri May 22 12:42:40 GMT 2009

On Thu, 2009-05-21 at 23:51 -0500, John H Terpstra - Samba Team wrote:
> Can someone please clarify if the following behavior is a bug or an
> expected feature.
> Samba-3.3.4 - ADS Domain Member server.  Obviously, running winbind.
> The following describes the problem as reported by the Samba admin."
> There are several domain users that are members of the Domain Admins group.
> Execution on the Linux (RHEL5.3) system of the following command shows
> that two users have the Domain Admins group as their primary group, the
> other users' primary group is Domain Users, with secondary membership in
> Domain Admins.
> The problem the site is complaining about is the regardless, any user
> who is a member of the Domain Admins group creates files and folders on
> the RHEL5.3 Linux system - but the owner and group are set to UID is
> root, GID is "Domain Admins".  The problem then is that users who are
> not members of the Domain Admins group can not manage permissions on the
>  root owned and "Domain Admins" group owned files, nor can they write to
> folders so owned.  I know this can be changed by opening up the UGO
> permissions or by setting POSIX ACLs - but that is undesirable for other
> reasons.
> When the same users who are Domain Admins members create files and
> folders on a Windows Server 2003 system, they end up being owned by the
> correct user, and that users' primary group.  The same happens with
> Samba 3.2.7.
> It seems that Samba-3.3.4 behaves differently from 3.2.7 and differently
> from Windows Server 2003.
> Is this a bug? If so, should I file a bug report?
> Thanks for tuning in, and thanks for any responses provided.

Can't say w/o seeing smb.conf, are you sure they have not put these
users in the 'admin users' list ?
That would make them be root on the machine, and would explain why files
are created as root.


Simo Sorce
Samba Team GPL Compliance Officer <simo at>
Principal Software Engineer at Red Hat, Inc. <simo at>

More information about the samba-technical mailing list