[Samba] Can one set the owner of a folder to BUILTIN\Administrators?

Ian samba at zestysoft.com
Wed Feb 17 19:47:03 UTC 2016


On 2/17/2016 10:32 AM, Rowland penny wrote:
> On 17/02/16 18:07, Ian wrote:
>> Actually, that works for me too.  I just issued the command 'chgrp
>> "BUILTIN\administrators" CoreLib' and it returned successfully for that
>> folder.  'ls -la' shows:
>> d---------+ 2 MMIA\domain admins  BUILTIN\administrators  5 Dec  8 11:59 CoreLib//
>>
>> Note however, that it fails if I attempt to chown instead:
>> [root@freenas] /mnt/trunk/MM/deploy# chown "BUILTIN\Administrators" CoreLib
>> chown: BUILTIN\Administrators: illegal user name
>>
>> I can chown to other domain groups successfully.
>
> Normally a group cannot 'own' files etc, Unix uses ugo permissions and
> when you chown a file you would use something like this:

In unix, yes, this is the case; however, in Windows a group can.  For
instance, this works:
chown 'DOMAIN\Domain Admins' CoreLib/
ls -lad CoreLib:
d---------+ 2 MMIA\domain admins  BUILTIN\administrators  5 Dec  8 11:59 CoreLib//

Using Kerberos and LDAP, there doesn't seem to be anything stopping
this.  However, if I understand what you're saying, the BUILTIN\* users
and groups are part of the unix system that Samba runs on, and thus some
type of mapping must occur with "real" unix accounts.  I'm still not
clear where this mapping occurs though -- which account/group is it
actually mapping to?

What I don't get is why any of the BUILTIN\* users and groups would ever
be assigned to a group in unix.  The group file attribute in unix is
never used by Windows, however the owner is.  If every BUILTIN\* group
mapped to a user in unix, this all would work perfectly, no?



