[Samba] configuring Shares, Users with Samba 4.0.5 as an AD DC
steve at steve-ss.com
Sun May 19 01:57:56 MDT 2013
On Sun, 2013-05-19 at 09:14 +0200, Ulrich Schneider wrote:
> Hm, your alternative (understanding windows acls) seems not much better
> to me.
> Yesterday it seemed to work ... until I deleted a folder created by an
> administrator as a ordinary user.
> Do I get this right? valid users = @group ... so @group could be any
> group in the Active Directory?
Oh no, I'm certain it's no better. I favour it because I've wasted so
much time trying to understand what the smb.conf 'something = <value>'
syntax does in Linux terms. It struck me one day that what those options
are doing are altering the acl's on the shares.
As far as I can see, the windows administrator creates files as:
Administrator: Domain\ Users
If there is group rw on the share where he created the file then any
user in Domain\ Users (all users by default) would be able to delete it.
I made the mistake in believing that the domain admin on windows was
like root on Linux. Nope.
More information about the samba