[Samba] standalone server - force connections from windows group to be a specific unix user (UID)

g p gpowers01junk at gmail.com
Thu Jan 21 13:39:11 MST 2010

We have an application that is run as setuid on the linux side, and it's
directory structure has a consistent owner:group with 755 permissions
throughout.  When the application is started under linux, the process is
suid to run as the owner of the contents of this directory structure, and is
therefore able to read/write any file needed during execution.  We have a
port of this application now on windows, and need to be able to have a
similar access scheme to be able to have the windows users (which could be
any arbitrary user both on and off a domain, and the number of users vary
widely from 1 to many thousands so a smbuser map is not desirable - nor is
the need to maintain idmap, windbind, ldap, etc. configurations) access the
data that resides on the linux system, but do not wish to just open up the
linux samba share to allow anyone read/write access.

Ideally, we would be able to have the linux system just be a stand alone
samba server with share level access control, and be able to use some
mechanism to allow read/write access to the samba shares based on the group
a windows user belongs to.  It would be nice to have a windows user of some
predetermined windows group always be forced via samba to the UID that owns
the samba exported linux directories and files.

Does anyone know of a lightweight (from an admin setup and maintainability
standpoint) samba configuration that would meet this need, or behave in a
similar manner without the need for moderate to very complex directory
service configurations?

Any help would be greatly appreciated!

More information about the samba mailing list