[Samba] File permissions for AD user that has been removed

Jonathan Buzzard jonathan at buzzard.me.uk
Thu Dec 12 04:56:16 MST 2013


On Wed, 2013-12-11 at 17:36 +0000, Ben Farris wrote:
> What is supposed to happen to the ownership of files/directories of
> a user in Active Directory on a Samba (3.6.6) share after the user has
> been removed from Active Directory? I see the userid is set to the uid
> number but admins on the share (not root) cannot remove directories
> owned by the user. As a root user I can delete the files or change
> ownership. I would expect there is some way to make these files'
> permissions change after the user has been deleted but I haven't found
> the setting yet.

That falls under "don't do that". Basically it is bad practice to remove
users from a system when they may still have files on the system. If you
do, you have now lost all history of who those files belonged to, and
things like Samba will now break in unpredictable ways.

By all means deactivate them but don't actually delete them. If you
absolutely must remove them for whatever reason then you need to get a
root shell on the box and do some "find <path> -uid ### -exec chown
<newuser> '{}' \;" action to change the ownership to a valid user and, if
using quotas, hope that does not bust the quota of the user who is
acquiring ownership of all these new files.

JAB.

-- 
Jonathan A. Buzzard                 Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.
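
The find/chown procedure from the reply above, as an added example that is not part of the original post: it measures what a removed uid owns before anything is reassigned, so the new owner's quota can be checked first. The names orphan_usage, reassign and reown.sh are hypothetical; it assumes a find that supports -uid (GNU or BSD) and, for the stand-alone part, getent on a host whose NSS includes winbind.

```shell
#!/bin/sh
# Added example, not from the original thread. Run as root on the file server.

# Print "<file-count> <total-bytes>" for regular files under path $1 that
# are owned by numeric uid $2. The byte total approximates quota impact;
# block-based quotas will charge somewhat more.
orphan_usage() {
    find "$1" -xdev -type f -uid "$2" -exec sh -c '
        for f in "$@"; do wc -c <"$f"; done' sh {} + |
    awk '{ n++; b += $1 } END { printf "%d %.0f\n", n, b }'
}

# Hand everything owned by uid $2 under $1 to account $3.
# chown -h changes a symlink itself rather than its target, so a link
# left in the tree cannot redirect the ownership change outside it.
# -xdev keeps find on the share's own filesystem.
reassign() {
    find "$1" -xdev -uid "$2" -exec chown -h "$3" {} +
}

# Stand-alone use: sh reown.sh <path> <old-uid> [new-owner]
# Without new-owner it only reports.
if [ "$#" -ge 2 ]; then
    # Refuse if the uid still maps to an account (via NSS, e.g. winbind).
    if getent passwd "$2" >/dev/null; then
        echo "uid $2 still resolves to an account; not touching it" >&2
        exit 1
    fi
    echo "files and bytes owned by uid $2: $(orphan_usage "$1" "$2")"
    if [ -n "$3" ]; then
        reassign "$1" "$2" "$3"
    fi
fi
```

Compare the byte total against the new owner's remaining quota before passing a third argument.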


