[Samba] Any drawback in changing primary group of domain users ?
Marco Gaiarin
gaio at sv.lnf.it
Thu Feb 25 12:18:28 UTC 2021
Mandi! Rowland penny via samba
In chel di` si favelave...
> But why do need to use a primary group that isn't Domain Users ?
> Nobody has ever been able to answer that to my satisfaction, I usually get
> something along the lines of 'that is how Unix has always done it'
I hope i was clear.
By default in UNIX new file and folder are group-owned by the POSIX
primary group of the user that create it.
By default, vfs_acl_xattr take into account POSIX primary group and
have permissive setup for CREATOR_GROUP.
The result is that, apart doing some configuration, all users have
access (at least read access, mostly write access) to all newly created
file and folder.
> That will not make 'getent passwd' show a Unix group as the users primary
> group, not unless you set the required 'idmap config' line in smb.conf on
> the Unix domain member, but the users primary group on Windows would still
> be Domain Users and I do not think it is a good idea to have different
> primary groups depending on the OS.
Ah! Damn me! I've forgot it!
It is needed to add to [globals] in smb.conf:
idmap config DOMAIN_NAME : unix_primary_group = yes
right... excuse me...
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba
mailing list