[Samba] Share Permissions
vfort at ifortsystems.com
Thu Apr 16 23:41:40 UTC 2020
Moving into AD integrated samba and managing the shares using MMC. I just want to ensure I have my thoughts correct. I set the sediskoperatorprivilege along with a functioning smb.conf and user.map.
So, I add the share
comment = Data1 Share
path = /storage/Data/Data1
read only = No
I do nothing else to the Linux side (centos 7) - i.e. no chmod or chown. Then using MMC, I set the Share Permissions to Everyone full. Then under security, I first remove the inherent permissions. Then add the Data1 AD Security Group = Full. Then I remove the everyone user.
Everything does work, however, I am a bit confused on the Windows Permissions and the actual file ownership from the Linux side. The file/directory ownership is set to the userid + Domain Users. So, I'm concluding that the MMC Share/Permission stuff simply grant 'ACCESS' to the share. And the file ownership is based on the actual AD userid. And since Domain Users is the default group, we see that.
But I feel like I am missing something.....
More information about the samba