[Samba] Group permissions and recursion
rtanner at linfield.edu
Tue Jun 27 17:49:04 GMT 2006
Now that we have successfully moved a first department share on to our
mega SAMBA server, we're in the 20% of the old 80/20 rule. Our problem
has to do with group permissions within the extended acl.
We have implemented winbind along with the ADS security mode. This
means that a user isn't just "jdoe", but is "MYDOMAIN\jdoe". We are
using the extended ACL model which means that we can set specific
permissions for specific security groups for access to any particular
file. The other thing I need to point out is that we have a hierarchy
of security groups. We have a security group, 'CATNET\adm' and the
members of that security group are the security groups 'CATNET\adm
staff' and 'CATNET\adm faculty'. The members of the latter two groups
are the actual users.
Here's the problem, a member of 'CATNET\adm staff' cannot access a file
for which 'CATNET\adm' has r/w access (group:CATNET\134adm:rwx). But if
I add 'CATNET\adm staff' even though 'CATNET\adm staff' is a member of
'CATNET\adm', it works. I thought this might be related to the smb.conf
parameter 'winbind nested groups', which I set to 'yes', but it made no
difference. Any ideas?
UNIX Services Manager
Linfield College, McMinnville OR
More information about the samba