[Samba] Samba + ADS File Security Problem
updatemyself at gmail.com
Thu Nov 10 07:48:49 GMT 2005
I have a setup with Samba share + ADS..
All my Windows XP machine is login to ADS Server also my samba share machine
Everything working fine.. except some security permission,
Users can access all share with out username and password..
once if they login to Windows2003 ADS.
In almost all share I allow read write permission in group wise
All my need is... who ever creating a file or folder...
they must not be the owner only administer must be..
then only we can restrict the deletion of Valuable Data
most of my share is more then 1000GB
If I change the ownership from Linux with some scripts & crontab
its creating a big accessing problem from WindowsXP systems
and I have to setup all the security permission again from Windows..
Is there any way to create files and folders only with the ownership of
administer and with stickybit permission
Here is my correct samba share configuration...
#=========================== Global Settings ================================
workgroup = MYDOMAIN
server string = Samba Server
log file = /var/log/samba/%m.log
max log size = 50
security = ads
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no
#=========================== Share Definitions ==============================
#ldap idmap suffix = ou=emplist,dc=dqe,dc=com
password server = 172.16.20.200
realm = MYDOMAIN.COM
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/bash
template homedir = /home/%D/%U
allow trusted domains = no
idmap backend = idmap_rid:DQE=16777216-33554431
winbind use default domain = yes
path = /vol08_700
writable = yes
public = yes
nt acl support = yes
create mask = 0755
security mask = 0755
inherit permissions = yes
inherit acls = yes
force security mode = 0
directory security mask = 0777
force directory security mode = 0
Please Share Your knowledge to solve this problem...
Thank You in Advance,
More information about the samba