[Samba] Re: Need help understanding smbldap-tools and user records

Bradley W. Langhorst brad at langhorst.com
Fri Feb 28 04:13:33 GMT 2003


On Thu, 2003-02-27 at 19:28, Jim wrote:
> Another question.
> I'm not a Perl writer so I need to know if the -g and -G options for
> smbldap-useradd.pl assume the pre-existence of the group in question.
Groups should exist before you try to add a user to them.
It will just ignore nonexistent groups passed by -G.
> 
> I have to say that I am not very pleased with the fact that a group is 
> not by default added for the user.  Neither does there seem to be a way 
> to do this easily.  The end consequence is that you wind up with the 
> default group meaning that unless you have permissions set to 700 that 
> all other users get access.  This is not something I would prefer from a 
> security standpoint since one cannot really expect users to understand 
> permissions.
We don't do one user per group here because I think that is pretty
useless - why bother with group permissions if you're the only member
of your primary group?

Instead we have some shares that contain group data - files written to
those shares are 770 by default (group read write).

Files written to home directories default to 700.

If you really want the one group per user behaviour just uncomment 
the stuff around line 99 of smbldap-useradd.pl.
Apparently that was the default behaviour (with a -n flag to turn it off)
until somebody got annoyed with it...

brad
-- 
Bradley W. Langhorst <brad at langhorst.com>
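
An smb.conf sketch of the layout this reply describes (group shares at 770, home directories at 700), added here as an example and not taken from the post. The share name, path and group name are hypothetical, and the post does not say which Samba parameters were actually used.

```ini
# Added example, not from the original message.
# Share name "projdata", path /srv/projdata and group "projdata" are hypothetical.

[homes]
   comment = Home directories
   browseable = no
   writable = yes
   # Only the owner of the home directory may connect to it.
   valid users = %S
   # Strip all group/other bits from new files and directories, so a
   # shared default primary group gives other users no access.
   create mask = 0700
   directory mask = 0700

[projdata]
   comment = Group data
   path = /srv/projdata
   writable = yes
   # Restrict connections to members of the UNIX group.
   valid users = @projdata
   # New files are owned by the shared group, not the user's primary group.
   force group = projdata
   # "create mask" only removes bits; the "force" settings add the group
   # read/write bits so the result is 770 regardless of the client.
   create mask = 0770
   force create mode = 0770
   directory mask = 0770
   force directory mode = 0770
```

Running `testparm` against the edited file reports syntax errors and unknown parameters before Samba is reloaded.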


