[Samba] Samba / ACL / File System Permissions Active Directory & winbind

Jeremy Allison jra at samba.org
Wed Jul 30 23:57:31 GMT 2008

On Wed, Jul 30, 2008 at 11:17:10PM +0100, Keith Sudbury wrote:
> Hi Guys,
> I have a windows 2003 SBS handling domain logins, I also have an Ubuntu 
> machine being used as a file server this is using winbind and is on the 
> domain I can chown dirs etc with Active Directory users.
> However I have the following problem, I need to allow certain users to 
> access some dirs and not others... for example.
> "folder1" would need to be accessed by "user1" "user2" and "user3"
> Now my understanding of this would be to add users 1,2 & 3 to a group 
> say for example "group1" then chown folder1 with that group?
> "chown -R :"DOMAIN\Domain Users" folder1"
> Thats fine but then when user 1,2 or 3 access folder1 and write to the 
> folder and there primary group is "Domain Users" for example it will 
> make it unreadable for other users?
> I could force it to take permissions from the parent directory using 
> sticky bit? but what if the users creates a dir and then another dir 
> would it still take its permissions from its parent directory then?

Use the setgid bit on the directory. This causes the group ownership
of the created directory to be inherited from the owning directory,
not the creating process (and also inherit the setgid bit).


More information about the samba mailing list