[Samba] Any drawback in changing primary group of domain users ?

Marco Gaiarin gaio at sv.lnf.it
Thu Feb 25 11:22:12 UTC 2021


Mandi! Rowland penny via samba
  In chel di` si favelave...

> I took it as Windows primary group, mainly because there is no concept of
> POSIX primary group in AD. A user can have a gidNumber attribute, but this
> has nothing to do with any primary group.

Right. But when you have to write data to a share backed up with POSIX
ACL (and AFAIK vfs_acl_xattr is a VFS module loaded by default, and
acl_xattr:default acl style = posix is the default) file get created
with POSIX primary group.

So, effectively if you want files not to be owned by 'Domain Users' you
have two path:

a) tackle with vfs_acl_xattr parameters and disable POSIX ACL

b) change POSIX primary group.

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)



More information about the samba mailing list