[Samba] Samba4: File ownership for Domain Admins members

Andrew Bartlett abartlet at samba.org
Mon Apr 1 16:37:53 MDT 2013

On Thu, 2013-03-28 at 12:40 +0000, Daren Russell wrote:
> Hi
> I've just installed Samba 4.0.4 on FreeBSD to test for the moment.
> Everything so far has gone very well: joining the domain, GPO's etc. 
> However one thing that is happening which I find unusual, is the owner
> of files created by a user who is a member of the Domain Admins group as
> well as Domain Users.  All files created by the user are owned by id
> 3000000 (which I believe S4 maps to BUILTIN/Administrators) and not the
> actual user.  If they are then removed from the Domain Admins groups
> (and so left only in Domain Users) and the file created, the owner is
> the actual user.
> I presumed a file would be owned by the user regardless of what group
> they were in.  These file tests were carried out on each user's home
> directory, which was also owned by the user.  The question is: is that
> the way it's supposed to be?

Yes, I think it is, so that no particular domain administrator is
'special' above other domain administrators. 

I'm not sure of the exact semantics, or how it manages to happen, but
it's not unprecedented. 

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba mailing list