[Samba] root ownership on all new files for admin users

Vladimir Shved vladimirshved at gmail.com
Thu Mar 19 21:28:07 GMT 2009

I have samba server on windows domain, in ADS mode but have problem
tracking files that belong to admin users, anytime new file created
the default owner is root. For non-admin users its normal, newly
created files have correct ownership permissions. Its possible for a
user to go and take ownership manually from windows machine but its
just inconvenient. Is there anyway to change default behavior to
create files with correct ownership of original user rather than
mapping to root for admin users?

Thank you,
Vladimir Shved

My setup:
Ubuntu 8.04 Hardy
Samba 3.0.28a
ext3 fs w/ ACLs

censored smb.conf:
        workgroup = MYDOMAIN
        realm = MYDOMAIN.LOCAL
        server string = File Server
        security = ADS
        syslog = 0
        log file = /var/log/samba/log.%m
        log level = 1 ads:10 auth:10 sam:10 rpc:10
        max log size = 1000
        local master = No
        dns proxy = No
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        wins server =
        winbind enum users = no
        winbind enum groups = no
        winbind use default domain = yes
        winbind nested groups = yes
        passdb backend = tdbsam

        ldap ssl = on

        idmap domains = MYDOMAIN
        idmap config MYDOMAIN:backend = ldap
        idmap config MYDOMAIN:readonly = yes
        idmap config MYDOMAIN:default = yes
        idmap config MYDOMAIN:ldap_base_dn = ou=idmap,dc=mydomain,dc=local
        idmap config MYDOMAIN:ldap_url = ldaps://ldapmachine
        idmap config MYDOMAIN:ldap_anon = yes

        idmap alloc backend = tdb
        idmap alloc config:range = 30000-49999

        template shell = /bin/bash

        admin users = @"BUILTIN\administrators"
        write list = @"BUILTIN\administrators"
        client use spnego = yes
        domain master = no
        load printers = no
        printing = bsd
        printcap name = /dev/null
        show add printer wizard = no
        disable spoolss = yes

        guest account = nobody
        map to guest = bad user
        invalid users = root
        map to guest = bad password

        path = /share
        guest ok = Yes
        create mask = 0664
        directory mode = 0775

More information about the samba mailing list