[Samba] Samba + ADS File Security Problem

Jerrynikki updatemyself at gmail.com
Thu Nov 10 07:48:49 GMT 2005

Hi All,

I have a setup with Samba share + ADS.
All my Windows XP machines log in to the ADS server, as does my Samba share machine.

Everything is working fine, except for some security permissions:
users can access all shares without a username and password
once they log in to Windows 2003 ADS.

In almost all shares I allow read/write permission group-wise.

All I need is this: whoever creates a file or folder
must not be the owner; only the administrator must be.
Only then can we restrict the deletion of valuable data.
Most of my shares are more than 1000GB.

If I change the ownership from Linux with some scripts & crontab,
it creates a big access problem from Windows XP systems
and I have to set up all the security permissions again from Windows.

Is there any way to create files and folders only with the ownership of
the administrator and with sticky-bit permission?

Here is my correct samba share configuration...

#=========================== Global Settings ================================

   workgroup = MYDOMAIN
   server string = Samba Server
   log file = /var/log/samba/%m.log
   max log size = 50
   security = ads
   encrypt passwords = yes
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   dns proxy = no

#=========================== Share Definitions ==============================
   #ldap idmap suffix = ou=emplist,dc=dqe,dc=com
   password server =
   realm = MYDOMAIN.COM
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   template shell = /bin/bash
   template homedir = /home/%D/%U
   allow trusted domains = no
   idmap backend = idmap_rid:DQE=16777216-33554431
   winbind use default domain = yes

   path = /vol08_700
   writable = yes
   public = yes
   nt acl support = yes
   create mask = 0755
   security mask = 0755
   inherit permissions = yes
   inherit acls = yes
   force security mode = 0
   directory security mask = 0777
   force directory security mode = 0

Please share your knowledge to solve this problem...

Thank You in Advance,

