[Samba] Adding domain user on linux to a unix group
Markus Fischer
markus at fischer.name
Sat Jul 1 16:03:41 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I've currently login through ssh enabled to work over winbind. I can use
domain logins successfully on the linux machine. Upon first login their
home directory gets create and everything is fine.
But the user is only a member of all windows groups, e.g.
uid=10000(markus) gid=10000(Domänen-Benutzer)
groups=10000(Domänen-Benutzer),10001(Projects),10002(WebDevelopment),10003(lokale
Administratoren)
and thus has no special rights on the machine itself.
I'm having a samba share on this machine, for web development, where
multiple users can read/write everything. The share is only available
for the above group WebDevelopment.
Through samba, I'm mapping all individual users to www-data.www-data, so
a file created by my user 'markus' is not created as user 'markus' on
the filesystem but as user 'www-data'. There are two main reasons for this:
* apache needs write permissions in certain directories on this share
* subversion, used on the samba-clients (windows machines), require it's
control files .svn user-writable which clashes often because on one
checkout multiple users are commiting (I know this is a gray area even
on subversion side, but complex web setups don't make things easy).
My first take was to map a windows group to a unix group. I tried
net groupmap add ntgroup=WebDevelopment unixgroup=www-data
but it didn't really changed anything. I could see my mapping with
"groupmap list" but permission-wise there was no difference.
My second try was to add a unix group to the windows users, which also
wasn't possible because the user didn't contain any /etc/passwd entry ...
Are there any advices how I can solve this group problems? I'm also open
to other suggestion regarding the issue.
thanks,
- - Markus
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFEppzd1nS0RcInK9ARAp8HAJsE55DbesmuLzt83qSH71qG5WcH2QCgxER1
SbyxBYt/7UczrZQSA2kPGp4=
=Bypx
-----END PGP SIGNATURE-----
More information about the samba
mailing list