[Samba] Question about primary, secondary group permissions in Samba

Edouard Guigné eguigne at pasteur-cayenne.fr
Tue Dec 4 16:34:15 UTC 2018

Dear Samba Users,

I set a samba share 4.7.1 with an Active Directory backend / Winbind

Users have a primary group "Domain Users" and secondary groups to filter 
access of the folders on the share (this is defined in the AD and 
retrieved via windbind).
I created a folder "FOLDER1" on this share with permissions RWX to allow 
Users from secondary group "USERS1".
So, users from group "USERS1" can access, read, write in "FOLDER1", 
other users cannot access to folder "FOLDER1" => this is ok

But, I noticed when a users from group "USERS1" create a new sub-folder 
in "FOLDER1" that group:Domain users:rwx are automaticaly added on the 
acl of this new folder.
However, I would like that no permission added for Domain Users inside 
"FOLDERS1", only the default permission from secondary groups to be 
added (the default one set on "FOLDER1")

Is there an option in Samba to configure this ?


More information about the samba mailing list