[Samba] rights files and folders

Maurizio Caloro maurizio at caloro.ch
Wed Feb 3 12:57:24 UTC 2021 

Dear all

Here on the Fileserver I'am running with Debian 10 and Samba Version
4.9.5+dfsg-5+deb10u1
This machine are running as Fileserver. And a a Member from AD Samba 4.13.2

If creating a new file i am the only owner, I need that everyone are the
owner, also when iam
Changing or recreate this file. Please are here the mistake, thanks for
possible update.

Regards
Maui


 cat /etc/samba/smb.conf
[global]
     workgroup = CA
     security = ADS
     realm = CA.LOCAL

     dedicated keytab file = /etc/krb5.keytab
     kerberos method = secrets and keytab
     server string = Samba Client %h

     winbind use default domain = yes
     winbind expand groups = 2
     winbind refresh tickets = Yes
     winbind offline logon = yes
     dns proxy = no

     idmap config * : backend = tdb
     idmap config * : range = 3000-7999
     idmap config CA : backend = rid
     idmap config CA : range = 10000-999999
     template shell = /bin/bash
     template homedir = /home/%U

     domain master = no
     local master = no
     preferred master = no
     host msdfs = no

     # user Administrator workaround, without it you are unable to set
privileges
     username map = /etc/samba/user.map

     # For ACL support on domain member
     vfs objects = acl_xattr
     map acl inherit = Yes
     store dos attributes = Yes

     # Share Setting Globally
     unix extensions = no
     reset on zero vc = yes
     hide unreadable = yes

     # disable printing completely
     load printers = no
     printing = bsd
     printcap name = /dev/null
     disable spoolss = yes

     # logging
     log level = 0
     max log size = 1000

[USERHOME]
        path = /shares/Userhome/
        read only = no
        force create mode = 0600
        force directory mode = 0700

[DETACH]
        path = /shares/detach
        read only = no
        force create mode = 0600
        force directory mode = 0700

[DATA]
        path = /shares/data
        read only = no
        force create mode = 0600
        force directory mode = 0700



>I have no real idea about this because there is no context, just what is
'fileserver' setup ?
>
>Just about all I can say is that there are extended ACL's set (see the '+'
sign at the end of the Unix permissions), perhaps these need changing 
>Also, can I point out, do not send me private mail unless I ask for it,
send all mail to the list.
>
>Rowland

More information about the samba mailing list