[Samba] Samba4: File ownership for Domain Admins members

Daren Russell darenr at madaboutcable.com
Tue Apr 2 01:45:39 MDT 2013

On 01/04/2013 23:37, Andrew Bartlett wrote:
> On Thu, 2013-03-28 at 12:40 +0000, Daren Russell wrote:
>> Hi
>> I've just installed Samba 4.0.4 on FreeBSD to test for the moment.
>> Everything so far has gone very well: joining the domain, GPO's etc. 
>> However one thing that is happening which I find unusual, is the owner
>> of files created by a user who is a member of the Domain Admins group as
>> well as Domain Users.  All files created by the user are owned by id
>> 3000000 (which I believe S4 maps to BUILTIN/Administrators) and not the
>> actual user.  If they are then removed from the Domain Admins groups
>> (and so left only in Domain Users) and the file created, the owner is
>> the actual user.
>> I presumed a file would be owned by the user regardless of what group
>> they were in.  These file tests were carried out on each user's home
>> directory, which was also owned by the user.  The question is: is that
>> the way it's supposed to be?
> Yes, I think it is, so that no particular domain administrator is
> 'special' above other domain administrators. 
> I'm not sure of the exact semantics, or how it manages to happen, but
> it's not unprecedented. 

Ok, that's fair enough and I guess makes sense!


More information about the samba mailing list