[Samba] Force primary group when using vfs_acl_xattr
Gionatan Danti
g.danti at assyoma.it
Wed Jul 19 13:10:04 UTC 2017
On 19/07/2017 09:15, L.P.H. van Belle via samba wrote:
>
> Did you set "creator group" in the windows security rights?
> That sets the primary group. All my users have primary group "domain users".
> Folder layout is protected by the windows ACL's.
>
> Like this.
>
> \\servser\share ( lets call it F:\ )
> I've setup like this.
> F:\folder1 allow only NTDOM\Domain Admins and NTDOM\group_folder1 and creator group.
> F:\folder2 allow only NTDOM\Domain Admins and NTDOM\group_folder2 and creator group.
> F:\folder3 allow only NTDOM\Domain Admins and NTDOM\group_folder3 and creator group.
> Etc.
>
> The group_folderX make sure only members of that group can enter it.
> But all files in the folder have "domain users" use for "creator group"
> Which make it accessable and writable for any user, added to group_folderX.
>
> Just my suggestion.
>
> Greetz,
>
> Louis
>
Hi Louis,
I already implemented a very similar setup.
Thanks for you feedback!
--
Danti Gionatan
Supporto Tecnico
Assyoma S.r.l. - www.assyoma.it
email: g.danti at assyoma.it - info at assyoma.it
GPG public key ID: FF5F32A8
More information about the samba
mailing list