[Samba] Samba4: File ownership for Domain Admins members
darenr at madaboutcable.com
Tue Apr 2 01:45:39 MDT 2013
On 01/04/2013 23:37, Andrew Bartlett wrote:
> On Thu, 2013-03-28 at 12:40 +0000, Daren Russell wrote:
>> I've just installed Samba 4.0.4 on FreeBSD to test for the moment.
>> Everything so far has gone very well: joining the domain, GPOs etc.
>> However one thing that is happening which I find unusual, is the owner
>> of files created by a user who is a member of the Domain Admins group as
>> well as Domain Users. All files created by the user are owned by id
>> 3000000 (which I believe S4 maps to BUILTIN/Administrators) and not the
>> actual user. If they are then removed from the Domain Admins group
>> (and so left only in Domain Users) and the file created, the owner is
>> the actual user.
>> I presumed a file would be owned by the user regardless of what group
>> they were in. These file tests were carried out on each user's home
>> directory, which was also owned by the user. The question is: is that
>> the way it's supposed to be?
> Yes, I think it is, so that no particular domain administrator is
> 'special' above other domain administrators.
> I'm not sure of the exact semantics, or how it manages to happen, but
> it's not unprecedented.
Ok, that's fair enough and I guess makes sense!