SUMMARY: [Samba] hiding Unix perms

Rob Helmer robert at
Wed Jul 24 16:51:02 GMT 2002


I figured it out, in short, winbind rocks.

For some reason, I did not see the point of specifying nss_winbind in 
/etc/nsswitch.conf. Now that I did that I can use the UIDs/GIDs mapped
for my system by winbindd for perms.

Using winbind this way eliminates the need to create local Unix accounts :)
Awesome. I'm not sure why I didn't realize this before ( maybe because
the other server I have set up is a dev server where all the developers
have shell accounts, never gave it much thought .. but I wanted ACLs and
the ability to store domain info so I used winbind there. This is a server
intended for windows users, no shells except for mine )

Great work!


----- Forwarded message from Rob Helmer <robert at> -----

Delivered-To: samba at
From: Rob Helmer <robert at>
To: samba at
User-Agent: Mutt/1.2.5i
Organization: Namodn Artists -
X-OS-Type: Debian GNU/Linux 2.2
Subject: [Samba] hiding Unix perms
Errors-To: samba-admin at
X-BeenThere: samba at
X-Mailman-Version: 2.0.8
Precedence: bulk
List-Help: <mailto:samba-request at>
List-Post: <mailto:samba at>
List-Subscribe: <>,
	<mailto:samba-request at>
List-Id: General questions regarding Samba <>
List-Unsubscribe: <>,
	<mailto:samba-request at>
List-Archive: <>
X-Original-Date: Wed, 24 Jul 2002 14:07:06 -0700
Date: Wed, 24 Jul 2002 14:07:06 -0700


Sorry if I missed this in the docs, I haven't seen an option to do this..

I have a Samba server ( Linux 2.20acl kernel ) named "fileserver" set up and 
working well as a fileserver to Windows clients ( I am using winbind also ).

Samba has some awesome capabilities nowadays :) The current issues I am
facing aren't exactly showstoppers, but I know they'll be confusing if I
open it up to users as the main file server when it's like this.

I've noticed that from a Windows box, I can see permissions that match
the Unix permissions ( \\fileserver\rhelmer,  \\fileserver\samba and
Everyone ). 

Also, if I create a file, ( logged into the domain as rhelmer ), it uses
my Unix account ( \\fileserver\rhelmer as the owner, not \\domain\rhelmer ).
I have a script that creates a Unix account for every validated user
from the domain, is this the cause ? ( not sure if I need to do this
anymore now that I am using winbind and ACL ).

How can I :

1) not display the Unix permissions to Windows users ( they can't change
   them anyway.. )

2) have files created by a domain user be owned by \\domain\user not


To unsubscribe from this list go to the following URL and read the

----- End forwarded message -----

More information about the samba mailing list