[Samba] Home Folder

mathias dufresne infractory at gmail.com
Mon Jul 11 12:59:11 UTC 2016 

Hi Carlos,

Your problem is userA can access home directory of userB?

If your issue is only that, then you are right, this issue comes from the
fact all AD users are, by default, in "Domain users" and your Home
directories grant "Domain Users" "r-x" which means "read and enter" when
applied to directory.

Simply remove "Domain Users" from these ACL or change "Domain Users" ACl
entry to "---".

Cheers,

mathias

2016-07-10 0:31 GMT+02:00 Carlos A. P. Cunha <carlos.hollow at gmail.com>:

> Hello! I am following the how to
>
> https://wiki.samba.org/index.php/User_home_drives
>
> But even though there reported a process for User X does not access the
> home of Y User, this is happening
>
> root at fileserver:/srv/samba# getfacl home/
> # file: home/
> # owner: root
> # group: root
> user::rwx
> user:root:rwx
> user:administrator:rwx
> group::r-x
> group:root:r-x
> group:5007:r-x
> group:domain\040admins:rwx
> group:5024:rwx
> mask::rwx
> other::---
> default:user::rwx
> default:user:root:rwx
> default:user:administrator:rwx
> default:group::r-x
> default:group:root:r-x
> default:group:domain\040admins:rwx
> default:group:5024:rwx
> default:mask::rwx
> default:other::---
>
> ------------------
>
> root at fileserver:/srv/samba/home# getfacl rs-01/
> # file: rs-01/
> # owner: administrator
> # group: domain\040users
> user::rwx
> user:rs-01:rwx
> user:administrator:rwx
> group::r-x
> group:domain\040users:r-x
> group:BUILTIN\134administrators:rwx
> group:domain\040admins:rwx
> group:5024:rwx
> mask::rwx
> other::---
> default:user::rwx
> default:user:rs-01:rwx
> default:user:administrator:rwx
> default:group::r-x
> default:group:domain\040users:r-x
> default:group:BUILTIN\134administrators:rwx
> default:group:domain\040admins:rwx
> default:group:5024:rwx
> default:mask::rwx
> default:other::---
>
>
> ----------------------
>
> From what I think is, the problem is with the permissions of the group
> "Domain user" but that and automatically set, because it is the default
> group of users.
>
>
> Any idea ?
>
> Thank you
>
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list