[Samba] Any drawback in changing primary group of domain users ?
Nicola Mingotti
nmingotti at gmail.com
Thu Feb 25 13:56:40 UTC 2021
After reading all of your considerations, which at the moment
I can only partially understand, this is what I made.
---- /etc/smb.conf --------------------
force group = adm
--------------------------------------------
It seemed to me the easiest solution. To perform and to maintain.
I leave the Primary Group to "Domain Users" for all Windows domain user,
not to go against Windows habits.
I will keep it working for a week and see if any issue emerges.
The benefits seems to be:
. Directories don't get by default "Domain user" group when written in
the ext4. So "Domain user" people
can go only where I say they can go through 'getfacl'. I don't need to
worry any more
about the interaction between Linux group permission and the W.Domain
users.
. My default user in NAS is in the group "adm". 'adm' is not defined
as a group in AD => I can walk freely in the shared disk still being
only a
"Linux user" without any Windows Domain Group.
thank you all for your insightful considerations and experience !
bye
Nicola
On 2/25/21 12:27 PM, Marco Gaiarin via samba wrote:
> Mandi! Nicola Mingotti via samba
> In chel di` si favelave...
>
>> The reason I want to perform this is because
>> if a user makes a directory It gets by default group
>> "Domain users".
> Try to change POSIX primary group, eg 'gidNumber:'.
>
> The only thing you have to note is that the group 'gidNumber' belong to
> have to be listed as one for which the user ar member, otherwise
> something unpredicted could be happen.
>
More information about the samba
mailing list