[Samba] Any drawback in changing primary group of domain users ?

Roy Eastwood spindles7 at gmail.com
Thu Feb 25 15:40:12 UTC 2021

> Nicola wrote
> After reading all of your considerations, which at the moment
> I can only partially understand, this is what I made.
> ---- /etc/smb.conf --------------------
> force group = adm
> --------------------------------------------
> It seemed to me the easiest solution. To perform and to maintain.
> I leave the Primary Group to "Domain Users" for all Windows domain user,
> not to go against Windows habits.
> I will keep it working for a week and see if any issue emerges.
> The benefits seems to be:
> . Directories don't get by default "Domain user" group when written in
> the ext4. So "Domain user" people
> can go only where I say they can go through 'getfacl'.  I don't need to
> worry any more
> about the interaction between Linux group permission and the W.Domain
> users.
> . My default user in NAS  is in the group "adm". 'adm' is not defined
> as a group in AD => I can walk  freely in the shared disk still being
> only a
> "Linux user" without any Windows Domain Group.
> thank you all for your insightful considerations and experience !
> bye
> Nicola
Maybe I've misunderstood your issues, but if you add
 	acl_xattr:ignore system acl = yes
to your smb.conf (instead of force group) will that solve the problem?


More information about the samba mailing list