[Samba] Upgraded a member server to 4.8, rfc2307 data?
L.P.H. van Belle
belle at bazuin.nl
Wed Sep 5 15:04:14 UTC 2018
My eyes changed some words again and the is the important part.
This is what i did mean.
>> The headache points for people. <<
Now my users switch departments, if wrongly setup, both users CAN NOT read/write one anothers files.
In my case, both users CAN read/write the created files from one another, no headache ;-)
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> L.P.H. van Belle via samba
> Verzonden: woensdag 5 september 2018 16:59
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Upgraded a member server to 4.8, rfc2307 data?
>
> Hai Marco,
>
> If you dont need it, then you can remove it.
> And in addition to Rowland comment, i'll show how i use it.
>
> In reply to.
> >It is needed? AFAI've understood it means that users will
> have UNIX primary group the windows group
> >and not 'domain users', but reeally i don't need that...
>
> I'll explain how i use it and why, maybe its useable for you
> or others.
>
> My windows group "Domain User" always the default for the
> users, it is the default group for every user, except guests.
> This is the windows default, i did assign GID's to
> "domain users"
> "domain admins" < most people dont use this or use with
> care on the linux side.
> "domain guest"
> "domain computer" < most people dont use this or use with
> care on the linux side.
>
> And some other groups i need on linux, only the groups i need
> (on linux) have GID assigned.
> And yes, i did need all the "domain ...." groups in linux
> also.. I needed these.
> That why domain admins is having a GID.
>
> I do want my windows users to login on linux systems and use
> "Domain Users" as primary group.
>
> I use this to overcome some inherit problems.
> Remember this, and this is the most important part imo.
> 17XX "Creator Owner"
> 277X "Creator Group"
> 377X "Creator Owner and Creator Group"
>
> /data root:"Domain Admins" 1755 ( allow everybody
> in this folder, even guests )
> everyone can walk/enter this folder (/data) due to the
> last 5 in 1775 on linux.
>
> /data/dep1 root:"Dep1" 2770 ( allow users/group
> rights) and if member of "Dep1" only then you can enter and
> read/write.
> /data/dep2 root:"Dep2" 2770 ( allow users/group
> rights) and if member of "Dep2" only then you can enter and
> read/write.
>
> If user1 creates a file in /data/dep1 , it creates it as
> user1:"Domain User"
> If user2 creates a file in /data/dep2 , it creates it as
> user2:"Domain User"
> But
> User1 is not able to access /data/dep2 due to the group
> restriction Dep1.
> User2 is not able to access /data/dep1 due to the group
> restriction Dep2.
>
> >> The headache points for people. <<
> Now my users switch departments, if wrongly setup, both users
> and read/write one anothers files.
> In my case, both users and read/write the created files from
> one another, no headache ;-)
>
> This is a bit how i setup my rights. ( depending on server
> and use of the server ).
>
> And please note, this is only the LINUX PART of the rights.
> And best is to keep this as much as possible in line.
>
> I hope this helps a bit for you and others.
>
>
> Greetz,
>
> Louis
>
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> > Marco Gaiarin via samba
> > Verzonden: woensdag 5 september 2018 16:15
> > Aan: samba at lists.samba.org
> > Onderwerp: Re: [Samba] Upgraded a member server to 4.8,
> rfc2307 data?
> >
> > Mandi! L.P.H. van Belle via samba
> > In chel di` si favelave...
> >
> > > idmap config LNFFVG: unix_primary_group = yes
> >
> > It is needed? AFAI've understood it means that users will
> > have UNIX primary
> > group the windows group and not 'domain users', but reeally i
> > don't need
> > that...
> >
> > --
> > dott. Marco Gaiarin GNUPG
> > Key ID: 240A3D66
> > Associazione ``La Nostra Famiglia''
> > http://www.lanostrafamiglia.it/
> > Polo FVG - Via della Bontà , 7 - 33078 - San Vito al
> > Tagliamento (PN)
> > marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711
> > f +39-0434-842797
> >
> > Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
> > http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
> > (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
> >
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list