[Samba] Any drawback in changing primary group of domain users ?
Roy Eastwood
spindles7 at gmail.com
Thu Feb 25 15:40:12 UTC 2021
> Nicola wrote
> After reading all of your considerations, which at the moment
> I can only partially understand, this is what I made.
>
> ---- /etc/smb.conf --------------------
> force group = adm
> --------------------------------------------
>
> It seemed to me the easiest solution. To perform and to maintain.
>
> I leave the Primary Group to "Domain Users" for all Windows domain users,
> not to go against Windows habits.
>
> I will keep it working for a week and see if any issue emerges.
>
> The benefits seem to be:
>
> . Directories don't get by default "Domain user" group when written in
> the ext4. So "Domain user" people can go only where I say they can go
> through 'getfacl'. I don't need to worry any more about the interaction
> between Linux group permission and the W.Domain users.
>
> . My default user in NAS is in the group "adm". 'adm' is not defined
> as a group in AD => I can walk freely in the shared disk still being
> only a "Linux user" without any Windows Domain Group.
>
> Thank you all for your insightful considerations and experience!
>
> bye
> Nicola
>
Maybe I've misunderstood your issues, but if you add
acl_xattr:ignore system acl = yes
to your smb.conf (instead of force group) will that solve the problem?
Roy