[Samba] Home Folder

Carlos A. P. Cunha carlos.hollow at gmail.com
Tue Jul 12 12:05:21 UTC 2016 

Sorry hehehehe
I mean, when access RSAT and add the "Home Folder" of the User, and give 
a Apply, the folder is automatically created with the permissions below, 
where the "Domain Users" is already linked:

getfacl rs-01 /
# File: rs-01 /
# Owner: administrator
# Group: domain \ 040users
user :: rwx
user: rs-01: rwx
user: administrator: rwx
group :: r-x
group: domain \ 040users: r-x
group: BUILTIN \ 134administrators: rwx
mask :: rwx
other :: ---
default: user :: rwx
default: user: rs-01: rwx
default: user: administrator: rwx
default: x r-group ::
default: group: domain \ 040users: r-x
default: group: BUILTIN \ 134administrators: rwx
default: mask :: rwx
default: other :: ---


and something else as well "ACL entry to" --- "." ??


Thanks!!!




Em 12-07-2016 05:31, mathias dufresne escreveu:
> Sorry I don't understand what you said.
>
> 2016-07-12 10:30 GMT+02:00 mathias dufresne <infractory at gmail.com 
> <mailto:infractory at gmail.com>>:
>
>     orry I don't understand what you said.
>
>     2016-07-11 18:41 GMT+02:00 Carlos A. P. Cunha
>     <carlos.hollow at gmail.com <mailto:carlos.hollow at gmail.com>>:
>
>         Hello!
>         But when I add the User the way "Home folder" the folder is
>         automatically created it already comes with these permissions:
>
>
>         getfacl rs-01 /
>         # File: rs-01 /
>         # Owner: administrator
>         # Group: domain \ 040users
>         user :: rwx
>         user: rs-01: rwx
>         user: administrator: rwx
>         group :: r-x
>         group: domain \ 040users: r-x
>         group: BUILTIN \ 134administrators: rwx
>         mask :: rwx
>         other :: ---
>         default: user :: rwx
>         default: user: rs-01: rwx
>         default: user: administrator: rwx
>         default: x r-group ::
>         default: group: domain \ 040users: r-x
>         default: group: BUILTIN \ 134administrators: rwx
>         default: mask :: rwx
>         default: other :: ---
>
>
>         and something else as well "ACL entry to" --- "." ??
>
>
>         Thanks!!!
>
>
>         Em 11-07-2016 09:59, mathias dufresne escreveu:
>>         Hi Carlos,
>>
>>         Your problem is userA can access home directory of userB?
>>
>>         If your issue is only that, then you are right, this issue
>>         comes from the fact all AD users are, by default, in "Domain
>>         users" and your Home directories grant "Domain Users" "r-x"
>>         which means "read and enter" when applied to directory.
>>
>>         Simply remove "Domain Users" from these ACL or change "Domain
>>         Users" ACl entry to "---".
>>
>>         Cheers,
>>
>>         mathias
>>
>>         2016-07-10 0:31 GMT+02:00 Carlos A. P. Cunha
>>         <carlos.hollow at gmail.com <mailto:carlos.hollow at gmail.com>>:
>>
>>             Hello! I am following the how to
>>
>>             https://wiki.samba.org/index.php/User_home_drives
>>
>>             But even though there reported a process for User X does
>>             not access the home of Y User, this is happening
>>
>>             root at fileserver:/srv/samba# getfacl home/
>>             # file: home/
>>             # owner: root
>>             # group: root
>>             user::rwx
>>             user:root:rwx
>>             user:administrator:rwx
>>             group::r-x
>>             group:root:r-x
>>             group:5007:r-x
>>             group:domain\040admins:rwx
>>             group:5024:rwx
>>             mask::rwx
>>             other::---
>>             default:user::rwx
>>             default:user:root:rwx
>>             default:user:administrator:rwx
>>             default:group::r-x
>>             default:group:root:r-x
>>             default:group:domain\040admins:rwx
>>             default:group:5024:rwx
>>             default:mask::rwx
>>             default:other::---
>>
>>             ------------------
>>
>>             root at fileserver:/srv/samba/home# getfacl rs-01/
>>             # file: rs-01/
>>             # owner: administrator
>>             # group: domain\040users
>>             user::rwx
>>             user:rs-01:rwx
>>             user:administrator:rwx
>>             group::r-x
>>             group:domain\040users:r-x
>>             group:BUILTIN\134administrators:rwx
>>             group:domain\040admins:rwx
>>             group:5024:rwx
>>             mask::rwx
>>             other::---
>>             default:user::rwx
>>             default:user:rs-01:rwx
>>             default:user:administrator:rwx
>>             default:group::r-x
>>             default:group:domain\040users:r-x
>>             default:group:BUILTIN\134administrators:rwx
>>             default:group:domain\040admins:rwx
>>             default:group:5024:rwx
>>             default:mask::rwx
>>             default:other::---
>>
>>
>>             ----------------------
>>
>>             From what I think is, the problem is with the permissions
>>             of the group "Domain user" but that and automatically
>>             set, because it is the default group of users.
>>
>>
>>             Any idea ?
>>
>>             Thank you
>>
>>
>>
>>
>>
>>             -- 
>>             To unsubscribe from this list go to the following URL and
>>             read the
>>             instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>
>
>

More information about the samba mailing list