[Samba] Samba PDC, permissions on user profile folders too wide
Peter Milesson
miles at atmos.eu
Mon Sep 12 10:21:21 UTC 2016
Hi folks,
I have got a Samba PDC with roaming profiles: CentOS 7 x64, build 1511
The server is set up with roaming profiles according to the current
Samba Wiki.
Roaming works, but the permissions in the profiles are too wide, giving
access not only to the user in every profile, but also to the group
(770). For example, if I log in under Windows, add a file (or folder) on
my desktop, and log off, the file (folder) will be in my profile with
permissions 770. The same from Windows XP and up to Windows 10.
This poses an immediate problem. Any user belonging to the same group as
the Samba user, with ssh access to the server, can do anything they like
with the files in any profile belonging to the same group.
I've previously through the years set up a bunch of Samba PDC servers
with Samba 3. There, the problem never occurred, the effective file
permissions always 600 (700 for directories) in the profiles.
My Profiles definition:
[Profiles]
guest ok = yes
browseable = no
writeable = yes
create mask = 0600
directory mask = 0700
path = /var/lib/samba/profiles
store dos attributes = yes
profile acls = yes
csc policy = disable
I would be grateful for any information how to solve this.
Best regards,
Peter
More information about the samba
mailing list