[Samba] Any drawback in changing primary group of domain users ?
Rowland penny
rpenny at samba.org
Thu Feb 25 11:38:00 UTC 2021
On 25/02/2021 11:22, Marco Gaiarin via samba wrote:
> Mandi! Rowland penny via samba
> In chel di` si favelave...
>
>> I took it as Windows primary group, mainly because there is no concept of
>> POSIX primary group in AD. A user can have a gidNumber attribute, but this
>> has nothing to do with any primary group.
> Right. But when you have to write data to a share backed up with POSIX
> ACL (and AFAIK vfs_acl_xattr is a VFS module loaded by default, and
> acl_xattr:default acl style = posix is the default) file get created
> with POSIX primary group.
Well, yes, but my Unix primary group is:
rowland at devstation:~$ getent passwd rowland
rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
rowland at devstation:~$ getent group 10000 | awk -F ':' '{print $1}'
domain users
OOH, look, my Unix primary group is a AD group
>
> So, effectively if you want files not to be owned by 'Domain Users' you
> have two path:
>
> a) tackle with vfs_acl_xattr parameters and disable POSIX ACL
>
> b) change POSIX primary group.
But why do need to use a primary group that isn't Domain Users ?
Nobody has ever been able to answer that to my satisfaction, I usually
get something along the lines of 'that is how Unix has always done it'
Rowland
More information about the samba
mailing list