[Samba] Share Permissions

Vernon Fort vfort at ifortsystems.com
Thu Apr 16 23:41:40 UTC 2020

Moving into AD integrated samba and managing the shares using MMC.  I just want to ensure I have my thoughts correct.  I set the sediskoperatorprivilege along with a functioning smb.conf and user.map.

So, I add the share
                               comment = Data1 Share
                               path = /storage/Data/Data1
read only = No

I do nothing else to the Linux side (centos 7) - i.e. no chmod or chown.  Then using MMC, I set the Share Permissions to Everyone full.  Then under security, I first remove the inherent permissions.  Then add the Data1 AD Security Group = Full.  Then I remove the everyone user.

Everything does work, however, I am a bit confused on the Windows Permissions and the actual file ownership from the Linux side.  The file/directory ownership is set to the userid + Domain Users.  So, I'm concluding that the MMC Share/Permission stuff simply grant 'ACCESS' to the share.  And the file ownership is based on the actual AD userid.  And since Domain Users is the default group, we see that.

But I feel like I am missing something.....


More information about the samba mailing list