[Samba] Domain Member Server (wheezy) - Unable to edit permissions of share without usermapping - shall I add to Wiki?

Davor Vusir davortvusir at gmail.com
Wed Mar 4 13:37:41 MST 2015


2015-03-04 21:13 GMT+01:00 Rowland Penny <rowlandpenny at googlemail.com>:
> On 04/03/15 19:25, Davor Vusir wrote:
>>
>> If I remember correctly it doesn't matter what combinations you
>> 'chmod' to. It changes to 755 as soon as you change ACLs from Windows.
>> I suggest you add uid- and gidnumber to all users and groups and chown
>> to a user:group (or perhaps group:group if possible). For example
>> chown FileShareAdmin:FileShareAdminGroup and let the user account
>> which operates the file share be a member of group
>> FileShareAdminGroup. With this approach you get some degree of
>> security if you also allow users to logon to the server with ssh for
>> example. And of course home directories.
>>
>> Choice 3 and uid-/gidNumber assigned.
>>
>> Regards
>> Davor
>>
>
> You must be mis-remembering because I just tried it and the Unix acls do not
> change, mind you I never thought they would. The windows ACLs now show with
> getfacl, so this may be what you are getting mixed up with.
>
> As for giving all users and groups an ID number, just how far do you suggest
> an admin goes? do you suggest that all the 'well known sids' be given an ID
> ?
>

I do. I tried to explain my thoughts some time ago in this thread:
https://lists.samba.org/archive/samba/2014-October/186268.html. The
thread goes on...

Regards
Davor

> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba


More information about the samba mailing list