[Samba] Adding domain user on linux to a unix group

Markus Fischer markus at fischer.name
Sat Jul 1 16:03:41 GMT 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I've currently login through ssh enabled to work over winbind. I can use
domain logins successfully on the linux machine. Upon first login their
home directory gets create and everything is fine.

But the user is only a member of all windows groups, e.g.

uid=10000(markus) gid=10000(Domänen-Benutzer)
groups=10000(Domänen-Benutzer),10001(Projects),10002(WebDevelopment),10003(lokale
Administratoren)

and thus has no special rights on the machine itself.

I'm having a samba share on this machine, for web development, where
multiple users can read/write everything. The share is only available
for the above group WebDevelopment.

Through samba, I'm mapping all individual users to www-data.www-data, so
  a file created by my user 'markus' is not created as user 'markus' on
the filesystem but as user 'www-data'. There are two main reasons for this:

* apache needs write permissions in certain directories on this share
* subversion, used on the samba-clients (windows machines), require it's
control files .svn user-writable which clashes often because on one
checkout multiple users are commiting (I know this is a gray area even
on subversion side, but complex web setups don't make things easy).

My first take was to map a windows group to a unix group. I tried
 net groupmap add ntgroup=WebDevelopment unixgroup=www-data
but it didn't really changed anything. I could see my mapping with
"groupmap list" but permission-wise there was no difference.

My second try was to add a unix group to the windows users, which also
wasn't possible because the user didn't contain any /etc/passwd entry ...

Are there any advices how I can solve this group problems? I'm also open
to other suggestion regarding the issue.

thanks,
- - Markus
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEppzd1nS0RcInK9ARAp8HAJsE55DbesmuLzt83qSH71qG5WcH2QCgxER1
SbyxBYt/7UczrZQSA2kPGp4=
=Bypx
-----END PGP SIGNATURE-----

More information about the samba mailing list