[Samba] Samba 4.1 + User Homes
Rowland Penny
rowlandpenny at googlemail.com
Sun Oct 27 08:00:45 MDT 2013
On 27/10/13 13:27, spamvoll at googlemail.com wrote:
>> In my case this results in the following perms:
>> drwxrwxr-x+ 2 3000000 users 4096 Oct 22 12:57 soeldenwagner.b/ --> for
> the user's home drive folder
>> and
>> drwxrwx---+ 13 3000057 users 4096 Oct 25 22:08 soeldenwagner.b/ --> the
> user's profile folder
>
> I have exactly the same result.
> Ive deleted the HOMEDIR as user and created a new one.
> But its still the same, i can access every homedir.
> Windows access rights are the same then on profile folder.
>
> drwxrws---+ 3 3000022 users 25 Okt 27 14:14 bspears
> drwxrwx---+ 14 3000022 users 4096 Okt 27 14:15 bspears.V2
>
> # getfacl /home/HOME/bspears/
> getfacl: Removing leading '/' from absolute path names
> # file: home/HOME/bspears/
> # owner: 3000022
> # group: users
> # flags: -s-
> user::rwx
> user:root:rwx
> group::rwx
> group:users:rwx
> group:3000000:rwx
> group:3000022:rwx
> mask::rwx
> other::---
> default:user::rwx
> default:user:root:rwx
> default:user:3000022:rwx
> default:group::rwx
> default:group:users:rwx
> default:group:3000000:rwx
> default:mask::rwx
> default:other::---
>
Hi, from the above it would seem that you are allowing all the world and
his dog rwx access to /home/HOME/bspears,
you just need to alter the facl's so that only the user 3000022 and
possibly root has any access, you can use either setfacl or do it from
windows.
Rowland
More information about the samba
mailing list