[Samba] Can one set the owner of a folder to BUILTIN\Administrators?

Rowland Penny rpenny at samba.org
Wed Feb 17 19:37:08 UTC 2016


On 17/02/16 19:28, Miguel Medalha wrote:
>> Normally a group cannot 'own' files etc, Unix uses ugo permissions and
>> when you chown a file you would use something like this:
>>
>> chown foo:somegroup somefile
>>
>> this would make 'foo' the owner of the file and possibly allow
>> 'somegroup' access to it, this would depend on whatever permissions you
>> set with 'chmod'
>>
>> So, as far as Unix is concerned, you shouldn't be able to chown a file
>> to 'BUILTIN\Administrators' because it is a group (g) and not a user (u)
>>
> As a matter of fact, I can chown to any group, including AD ones, on the AD
> DC and member servers. On member servers not to BUILTIN groups, though.
>
> Using Samba 4.2.8 on CentOS 6 and CentOS 7.

I can understand this on a DC: if you look in idmap.ldb, some groups are
identified as 'ID_TYPE_BOTH'. This means they are both a user and a group.
On a domain member this doesn't work, i.e. chown BUILTIN\\Administrators
testdir/testfile returns:

chown: invalid user: `BUILTIN\\Administrators'

Rowland
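
The ID_TYPE_BOTH point above, as an added example that is not part of the original message: it parses a dump of idmap.ldb and separates the SIDs whose mapping includes a UID (usable as a file owner) from group-only ones. The record layout is assumed to be what `ldbsearch -H idmap.ldb` prints, and the sample records, function names and SID values are constructed for illustration.

```python
# Constructed sample in the LDIF layout printed by `ldbsearch -H idmap.ldb`
# (layout assumed; the SIDs and xidNumbers are made up for illustration).
SAMPLE_LDIF = """\
# record 1
dn: CN=S-1-5-32-544
objectClass: sidMap
objectSid: S-1-5-32-544
type: ID_TYPE_BOTH
xidNumber: 3000000

# record 2
dn: CN=S-1-5-21-1111-2222-3333-513
objectClass: sidMap
objectSid: S-1-5-21-1111-2222-3333-513
type: ID_TYPE_GID
xidNumber: 100

# record 3
dn: CN=S-1-5-21-1111-2222-3333-500
objectClass: sidMap
objectSid: S-1-5-21-1111-2222-3333-500
type: ID_TYPE_UID
xidNumber: 0
"""

def parse_idmap(ldif):
    """Return one dict per sidMap record (attribute name -> value)."""
    records = []
    for block in ldif.split("\n\n"):
        rec = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # skip ldbsearch comments and malformed lines
            key, value = line.split(": ", 1)
            rec[key] = value.strip()
        if {"objectSid", "type", "xidNumber"} <= rec.keys():
            records.append(rec)
    return records

def split_by_ownership(records):
    """Map SID -> xid for owner-capable mappings and for group-only ones."""
    owners, groups_only = {}, {}
    for rec in records:
        if rec["type"] in ("ID_TYPE_UID", "ID_TYPE_BOTH"):  # mapping has a UID
            owners[rec["objectSid"]] = int(rec["xidNumber"])
        elif rec["type"] == "ID_TYPE_GID":                   # GID only
            groups_only[rec["objectSid"]] = int(rec["xidNumber"])
    return owners, groups_only
```

Running this over a real dump from a DC gives a quick inventory of which groups can end up as the owning UID of files there.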