[Samba] Creating home folders on file server automatically
Udo Willke
udo.willke at freenet.de
Tue Jun 13 10:41:12 UTC 2017
Hello Rowland,
Am 13.06.2017 um 11:34 schrieb Rowland Penny via samba:
> The only problem I can see with that is, you are giving *_ADMINS full
> control of any users home directory, I think this may be illegal in
> some countries.
Oh, this was not my idea. My understanding is that this comes from the
home share definition as described in the wiki
<https://wiki.samba.org/index.php/User_Home_Folders>
Principal: Domain Admins - Access: Full control - Applies to : This
folder, subfolders and files
I only reverse-engineered the permissions the RSAT Tool created on my
test home folder.
>
> Thinking about privacy, perhaps the PAM line should be:
>
> session required pam_mkhomedir.so skel=/etc/skel/ umask=0077
>
> This way only the user gets any permissions on the share.
Yes, certainly an improvement. My point was that the PAM Module creates
a classic unix home dir without any Windows ACEs (if my memory serves me
well) and wondered if this could have repercussions at a later point in
time.
Thanks and best regards,
Udo
More information about the samba
mailing list