[Samba] Force primary group when using vfs_acl_xattr

Gionatan Danti g.danti at assyoma.it
Wed Jul 19 13:10:04 UTC 2017

On 19/07/2017 09:15, L.P.H. van Belle via samba wrote:
> Did you set "creator group" in the windows security rights?
> That sets the primary group. All my users have primary group "domain users".
> Folder layout is protected by the windows ACL's.
> Like this.
> \\servser\share  ( lets call it F:\ )
> I've setup like this.
> F:\folder1 allow only NTDOM\Domain Admins and NTDOM\group_folder1 and creator group.
> F:\folder2 allow only NTDOM\Domain Admins and NTDOM\group_folder2 and creator group.
> F:\folder3 allow only NTDOM\Domain Admins and NTDOM\group_folder3 and creator group.
> Etc.
> The group_folderX make sure only members of that group can enter it.
> But all files in the folder have "domain users" use for "creator group"
> Which make it accessable and writable for any user, added to group_folderX.
> Just my suggestion.
> Greetz,
> Louis

Hi Louis,
I already implemented a very similar setup.

Thanks for you feedback!

Danti Gionatan
Supporto Tecnico
Assyoma S.r.l. - www.assyoma.it
email: g.danti at assyoma.it - info at assyoma.it
GPG public key ID: FF5F32A8

More information about the samba mailing list