[Samba] Any drawback in changing primary group of domain users ?
Marco Gaiarin
gaio at sv.lnf.it
Thu Feb 25 09:06:02 UTC 2021
Mandi! Nicola Mingotti via samba
In chel di` si favelave...
> In these days I am trying to do some polishing/tuning in my NAS
> and I focused my attention on a detail: all domain users have
> "Primary group" set to "Domain users".
It is needed to do some distiction: do you mean 'windows primary group'
or 'POSIX primary group'?
AFAI've understood, the former HAVE to be 'Domain users' and 'cannot'
be changed; the second may change, but have to be listed in (normal)
group membership.
> I don't like it much. I would prefer e.g. the user 'foo' to have
> by default as primary group 'g-foo'.
Corect. This could have also some ''security implication'', if you use
POSIX ACLs: by default the permission mask is equal to the POSIX primary
group memebrship, so this lead to new file and folder created by user with
group 'Domain Users' and group writeable, eg new files are writaeable
by any users (in 'Domain Users').
> Before I do systematic change to all my users I would like
> to know your opinion about this. Do you foresee any issue
> if I perform such a move ?
> Also, I can change the Primary group from Windows tools
> but i can't find a proper way of doing it from Linux.
> Any ideas ?
I'm still a bit 'confused' in this topic, too, so i seek some feedback
me too...
Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba
mailing list