[Samba] Automatically assigning uidNumber / gidNumber attributes
Łukasz Michalski
lm at zork.pl
Fri Jun 7 15:37:01 UTC 2019
On 05.06.2019 22:40, Rowland penny via samba wrote:
>>
>> https://lists.samba.org/archive/samba/2019-June/223478.html
>> In this post, Rowland said "Oh good, 'Domain Admins' doesn't have a
>> gidNumber attribute."
> Domain Admins is a group that must own files in Sysvol. Samba runs on Unix and groups cannot own files on Unix, so Domain Admins is mapped as ID_TYPE_BOTH in idmap.ldb on the DC, this makes Domain Admins a group and a user. If you give Domain Admins a gidNumber attribute, it becomes just a group and cannot own files.
>>
Now I am confused. Reading "Adding a share" on domain member here:
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs#Adding_a_Share
If with idmap-ad I do not set gidNumber to Domain Admins I will not be able to chown to that group?
Is it better to create other administrative group for managing file permissions?
Regards,
Łukasz
More information about the samba
mailing list