[Samba] Confused with profile filesystem permissions

John H Terpstra jht at Samba.Org
Tue Nov 9 02:38:28 GMT 2004

On Monday 08 November 2004 21:43, andreas at conectiva.com.br wrote:
> What should be the filesystem permissions for the profile share? Something
> like 0700 user:group for the directory?

My top level: /var/lib/samba/profiles is owned by root, group = root.
Permissions are: 0770

My profile directory as user jht:
drwxr-xr-x  16 jht  Domain Users 552 2004-07-19 14:08 jht/

The Windows and unix group "Domain Users" is mapped as follows:

frodo:~ # net groupmap list
Domain Admins (S-1-5-21-726309263-4128913605-1168186429-512) -> Domain Admins
Domain Users (S-1-5-21-726309263-4128913605-1168186429-513) -> Domain Users
Domain Guests (S-1-5-21-726309263-4128913605-1168186429-514) -> Domain Guests
Print Operators (S-1-5-21-726309263-4128913605-1168186429-550) -> Print 
Backup Operators (S-1-5-21-726309263-4128913605-1168186429-551) -> Backup 
Replicator (S-1-5-21-726309263-4128913605-1168186429-552) -> Replicator
Domain Computers (S-1-5-21-726309263-4128913605-1168186429-553) -> Domain 

I hope that helps.

> I'm getting permission denied errors from winxp pro sp2 and samba
> 3.0.8pre2. Does it have something to do with "profile acls"?

My profile share definition is:

        comment = Profile Share
        path = /var/lib/samba/profiles
        read only = No
        profile acls = Yes

- John T.
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.

More information about the samba mailing list