[PATCH] Patches required for POSIX ACL support of GPOs

Matthieu Patou mat at matws.net
Thu May 10 04:07:31 MDT 2012

On 05/10/2012 12:13 AM, steve wrote:
> On 10/05/12 03:38, Andrew Bartlett wrote:
>> These patches are in my master-devel branch, and are needed for GPO
>> support to create the correct POSIX ACL.  I would very much appreciate
>> review, so we can consider enabling s3fs by default, and making the 4.0
>> Beta release.
>> https://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/master-devel 
> Hi Andrew
> I am testing s3fs but have come up against a problem on the windows side.
> I want a folder that can only be entered by members of a group, say 
> 'staff'. I mkdir the folder and set it to 0750. But now, no one can enter.
What is the gid of the staff group ? are the windows users member of 
this group ?
Having a windows group called staff is not enough you have to be sure 
that the gid of the windows group is the one you expect.

The way to know what is the gid of your windows group is to use wbinfo 
for the moment with samba 4 when using s3fs.

For instance:
mat at mpatou-t420:/usr/local/src/samba$ ./bin/wbinfo --group-info "domain 
Domain Admins:*:3000009:

So if I want to limit a folder to users of the group "Domain admins" I 
have to do:

sudo mkdir myfolder
sudo chown root.3000009 myfolder
sudo chmod 750 myfolder

This folder will be only writtable by "administrator" (it's uid is 0 as 
root on the linux side) and readable by anyone in the "Domain admins" group.


More information about the samba-technical mailing list