[Samba] Can one set the owner of a folder to BUILTIN\Administrators?

Rowland penny rpenny at samba.org
Wed Feb 17 19:37:08 UTC 2016

On 17/02/16 19:28, Miguel Medalha wrote:
>> Normally a group cannot 'own' files etc, Unix uses ugo permissions and
>> when you chown a file you would use something like this:
>> chown foo:somegroup somefile
>> this would make 'foo' the owner of the file and possibly allow
>> 'somegroup' access to it, this would depend on whatever permissions you
>> set with 'chmod'
>> So, as far as Unix is concerned, you shouldn't be able to chown a file
>> to 'BUILTIN\Administrators' because it is a group (g) and not a user (u)
> As a matter of fact, I can chown to any group, including AD ones, on the AD
> DC and member servers. On members servers not to BUILTIN groups, though.
> Using Samba 4.2.8 on CentOS 6 and CentOS 7.

I can understand this on DC, if you look in idmap.ldb , some groups are 
identified as 'ID_TYPE_BOTH'. This means they are both a user and a group.
On a domain member this doesn't work i.e. chown BUILTIN\\Administrators 
testdir/testfile returns:

chown: invalid user: `BUILTIN\\Administrators'


More information about the samba mailing list