[Samba] Roaming Profiles

L.P.H. van Belle belle at bazuin.nl
Wed Jun 19 06:27:47 UTC 2019 

Gooooood morning Rowland,  :-) 

Thunder and rain here.. Your pushing rain to me from england ;-) :-p

Yes, if you count administrator also to everybody.  ;-) 
What i have on my member server. ( AD backend ) 

install -d /home/samba/profiles -m 1770 -o root -g root

[profiles]
    browseable = yes
    path = /home/samba/profiles
    read only = no
    acl_xattr:ignore system acl = yes

drwxrwx--T+ 103 root root  4096 Jun 14 16:25 profiles

getfacl /home/samba/profiles/
# file: home/samba/profiles/
# owner: root
# group: root
# flags: --t
user::rwx
user:root:rwx
group::---
group:root:---
group:domain\040users:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:group::---
default:group:root:---
default:mask::rwx
default:other::---


Resulting in the profiles/username.vX folder to username and SYSTEM
Administrator (and domain admins) has access also, through root/administrator mapping,
but normal users can see the other users folder but can not access it. 

Share security, just the default, to everyone, folder rights handles everything else. 
That where the domain users comes in. 


Greetz, 

Louis





> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Rowland penny via samba
> Verzonden: dinsdag 18 juni 2019 17:15
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Roaming Profiles
> 
> On 18/06/2019 16:08, L.P.H. van Belle via samba wrote:
> > Hai,
> >
> > I think you missed the part in the link:
> > 
> https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles
> #The_Windows_Roaming_Profile_Versions
> > This part:
> > Setting up the Share on the Samba File Server
> > Using Windows ACLs
> > To create a share, for example, profiles for hosting the 
> roaming profiles on a Samba file server:
> >
> > Create a new share. For details, see Setting up a Share 
> Using Windows ACLs. Set the following permissions:
> >
> > Where "Setting up a Share Using Windows ACLs" links to :
> > 
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
> > Where 770 is used ;-)
> >
> > But at least you are reading the wiki... So keep doing that. :-)
> >
> > I'll get there, your change is ok.
> >
> Hi Louis, do you let your users have access to everybody 
> else's roaming 
> profiles ?
> 
> Rowland
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list