[Samba] Retaining Permissions on a share
Neil
nwilson123 at gmail.com
Tue Jun 13 07:15:40 UTC 2017
Hi guys,
I have sernet-samba-ad-4.1.21-11.el6.x86_64 and I keep getting an issue
whereby I reset the folder permissions to default by doing...
setfacl -R -k --remove-all HR
setfacl -d -R --remove-all HR
chown -R root:root HR
chmod -R 777 HR
Then via my AD MMC Computer management, connect to server, then sharing, I
have user A and B part of a group called HR-Users, and I have the group
HR-Users with full access on the folder called HR...
This initially works well, but slowly but surely I start seeing users start
owning the files in the folder they save, and folders that user A creates,
user B can't access etc, because when I look at the folder permissions it's
owned by the user A etc.
This is my config...
[global]
workgroup = blabla
realm = blabla.local
netbios name = HEADOFFICE
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
dns forwarder = 160.128.20.4
ntp signd socket directory = /var/lib/samba/ntp_signd
interfaces = 160.128.20.8, 127.0.0.1
bind interfaces only = Yes
acl allow execute always = True
log level = 3
log file = /var/log/samba/log.%m
max log size = 50
debug timestamp = yes
winbind use default domain = yes
template homedir = /home/%ACCOUNTNAME%
template shell = /bin/false
veto files = /copy.exe/host.exe/*.locky/*.lnk/*.ink/*.exe/*.scr/New
Folder.exe/
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
[HR]
path = /var/lib/samba/data/data/HR
read only = No
inherit acls = no
inherit owner = no
inherit permissions = no
acl group control = yes
Sorry if this has been covered before but I can't seem to find a way how to
prevent user A or B etc owning and preventing each other accessing the
files in the same HR share.
Any assistance is appreciated.
Thank you.
More information about the samba
mailing list