[Samba] Retaining Permissions on a share

Neil nwilson123 at gmail.com
Tue Jun 13 07:15:40 UTC 2017


Hi guys,

I have sernet-samba-ad-4.1.21-11.el6.x86_64 and I keep getting an issue
whereby I reset the folder permissions to default by doing...

setfacl -R -k --remove-all HR
setfacl -d -R --remove-all HR
chown -R root:root HR
chmod -R 777 HR

Then via my AD MMC Computer management, connect to server, then sharing,  I
have user A and B part of a group called HR-Users, and I have the group
HR-Users with full access on the folder called HR...

This initially works well, but slowly but surely I start seeing users start
owning the files in the folder they save, and folders that user A creates,
user B can't access etc, because when I look at the folder permissions it's
owned by the user A etc.

This is my config...


[global]
workgroup = blabla
realm = blabla.local
netbios name = HEADOFFICE
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
        dns forwarder = 160.128.20.4
ntp signd socket directory = /var/lib/samba/ntp_signd
  interfaces = 160.128.20.8, 127.0.0.1
  bind interfaces only = Yes
        acl allow execute always = True
log level = 3
log file = /var/log/samba/log.%m
max log size = 50
debug timestamp = yes
        winbind use default domain = yes
        template homedir = /home/%ACCOUNTNAME%
        template shell = /bin/false
veto files = /copy.exe/host.exe/*.locky/*.lnk/*.ink/*.exe/*.scr/New
Folder.exe/
        vfs objects = acl_xattr
        map acl inherit = Yes
        store dos attributes = Yes

[HR]
        path = /var/lib/samba/data/data/HR
        read only = No
        inherit acls = no
        inherit owner = no
        inherit permissions = no
acl group control = yes

Sorry if this has been covered before but I can't seem to find a way how to
prevent user A or B etc owning and preventing each other accessing the
files in the same HR share.

Any assistance is appreciated.

Thank you.


More information about the samba mailing list