[Samba] unix_primary_group = yes don t work

L.P.H. van Belle belle at bazuin.nl
Wed Feb 6 14:58:52 UTC 2019


Hai Rowland, 

Thats strange.. my test shows different things. 

A SSH login, SSO/kerberos on domain member with nfsv4 kerberized mounted homedir.
Tested samba 4.8.8 and 4.9.4 (members) 

touch test-for-Rowland
-rw-r-----   1 louis domain users        0 Feb  6 15:42 test-for-Rowland

And i copied this from my w10 pc. 
-rwxrwx---   1 louis domain users        0 Feb  6 15:42 test-for-Rowland - kopie

And a new txt file made from my pc
-rwxrwx---   1 louis domain users        0 Feb  6 15:45 Nieuw tekstdocument for Rowland.txt 


Member with nfs mounted homedir. 

getfacl ../louis/
# file: ../louis/
# owner: louis
# group: root
user::rwx
group::rwx
other::---


And the member sharing the nfs, also where i write over smb from my win10 pc.

getfacl /home/samba/users/louis
getfacl: Removing leading '/' from absolute path names
# file: home/samba/users/louis
# owner: louis
# group: root
user::rwx
user:root:rwx
user:louis:rwx
group::---
group:root:---
group:BUILTIN\134administrators:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:louis:rwx
default:group::---
default:group:root:---
default:group:BUILTIN\134administrators:rwx
default:mask::rwx
default:other::---


Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Rowland Penny via samba
> Verzonden: woensdag 6 februari 2019 15:39
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] unix_primary_group = yes don t work
> 
> On Wed, 6 Feb 2019 13:25:08 +0100
> Christian Daré via samba <samba at lists.samba.org> wrote:
> 
> > thanks for the answer, Louis.
> > i m talking about the userhome dir.
> > I ve already read https://wiki.samba.org/index.php/User_Home_Folders
> > and i m applying the posix acls to my share.
> > As the users's home is shared between windows and linux, i d rather
> > use the posix acls than the windows ones.
> > 
> > Beside the homedir of my users have a form like /home/ first letter
> > of name /login ( ex : /home/d/dare ) and i cant change that, this is
> > why i use the [home] share , it s the simplier solution for me.
> > 
> > Is it mandatory to use the windows acls to have the functionnality i
> > m looking for ?
> > 
> 
> Been doing some testing on this, if a user connects via ssh to a Unix
> domain member that is set up to use the users Unix group as 
> its primary
> group and creates a file, I get this:
> 
> root at testsmb:~# ls -la /home/giduser/test.txt 
> -rw-r--r-- 1 giduser unixgroup 0 Feb  6 14:31 /home/giduser/test.txt
> 
> However, if the user connects via SMB to a share and creates a file, I
> get this:
> 
> root at testsmb:~# ls -la /home/data/test.txt
> -rwxrwxr-x+ 1 giduser domain users 0 Feb  6 13:48 /home/data/test.txt
> 
> It looks like the Samba tools ignore 'idmap config SAMDOM :
> unix_primary_group = yes'
> 
> Rowland
> 
>  
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 




More information about the samba mailing list