[Samba] Posix vs. Windows File/Directory Permissions
Andrey Repin
anrdaemon at yandex.ru
Wed May 13 09:26:04 MDT 2015
Greetings, Mike!
> I want to get a better understanding of what's happening between the posix
> permissions and windows permissions.
> I start with a Samba 4 AD DC with a share: /mnt/data
> All subfolders and files have permissions and ownership that look like:
> drwxrwxrwx. 539 root root 52K May 12 17:50
> The Samba 4 Admin and User accounts are not local users on the linux
> server; they are only AD domain accounts.
That's not quite true.
> The /mnt/data share is set read only = no. I thought the AD DC ignores the
> posix ownership and permission settings, and they are controlled by ADUC
> settings via windows tools.
It would only be true, if Samba would have faked the control stuff.
Thankfully, it is NOT true.
Samba do a mapping between AD SIDs and local POSIX uid/gid stuff.
So, at any point, the access control is the real access control.
> But when I chmod the directory to 0770:
> drwxrwx--- 539 root root 52K May 12 17:53
> I can no longer access the share /mnt/data using AD DC Admin or User
> accounts.
> Can I get an RTFM pointer that addresses what happening in this example?
> Thanks for your help.
https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
Though, it is hardly an RTFM, but it gives you an idea.
--
With best regards,
Andrey Repin
Wednesday, May 13, 2015 18:21:09
Sorry for my terrible english...
More information about the samba
mailing list