[Samba] Setup and configure file shares with Windows ACLs
Henrik Langos
hlangos-samba at innominate.com
Wed Jun 25 05:57:07 MDT 2014
When reading the wiki page about setting up new shares there is some
information missing.
https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs
The information I am missing most here is which posix.1 ACLs to set
after creating the shares directory.
There is only
# mkdir -p /srv/samba/Demo/
but on my system that will create a directory that is owned by root:root
and have 0755 permissions.
Not very helpful as trying to configure the Windows ACLs later gets a
"permission denied" error.
Also the "root" group shows up as unknown account (S-1-22-2-0) in the
Security tab.
We'd probably want to set it to something useful like "Domain Users", right?
But which posix user should we set?
Is root OK or should that also be changed to a genuine Windows user?
And how do you get the appropriate uid / gid numbers for chown if you
don't have winbind, sssd, nslcd, or something like it installed to do a
mapping on that machine?
I know how to get to the appropriate numbers if winbind is installed on
the server.
# wbinfo -n "Domain Users"
S-1-5-21-1358803832-2400073699-459451966-513 SID_DOM_GROUP (2)
# wbinfo -Y S-1-5-21-1358803832-2400073699-459451966-513
10001
# chown :10001
I also know how to get those numbers from ADUC *IF* the groups/users
involved have
their posix attributes set up by ADUC (or at least have their NIS domain
set).
But what is the canonical way to get that information? ldbsearch?
ldapsearch?
I'd like to put that information on the wiki, so the more generic the
better.
cheers
-henrik
More information about the samba
mailing list