[Samba] unix_primary_group not used when writing files
rpenny at samba.org
Thu Aug 18 09:24:57 UTC 2022
On Thu, 2022-08-18 at 10:00 +0100, Matthew Richardson via samba wrote:
> Thanks for the extra info.
> > > However even with this setting and having restarted samba etc the
> > > files are
> > > still group 'domain user'.
> > Yes and this IS correct and the default..
> > I recommend NOT to change it.. and you really must..
> > Change primaryGroupID in the AD, but really, use ACLS..
> This doesn't seem to agree with what the Samba wiki docs say:
> "There is now a new setting unix_primary_group, this allows you to
> another group for the users primary group instead of Domain Users.
> If this is set with unix_primary_group = yes, the users primary group
> obtained from the gidNumber attribute found in the users AD object."
> "Whichever setting you use, do not change the users primaryGroupID
> attribute, Windows relies on all users being a member of Domain
Yes, whatever you do, do not change the primaryGroupID attribute.
> > So what's set as ACL on /home/alice
> > getfacl /home/alice
> Currently I have it set to being owned by group g_alice:
> $ getfacl /home/alice
> getfacl: Removing leading '/' from absolute path names
> # file: home/alice
> # owner: alice
> # group: g_alice
> I could explicitly set 'mandatory' ACLs on the homedir and have these
> propagate, but that feels like a workaround for something that the
> imply shouldn't be needed?
Where does it imply that? Tell me and I will change it.
Your problem is possibly being caused by the share being connected by a
member of the g_alice group (yes, I know there is only one user) and
the group doesn't have write access.
> hosts: files dns
> > The smb.conf is correct. Ow. ps, one thing..
> > you don’t have "winbind refresh tickets = yes" in add it.
> > At least, the only thing I didn’t see.
> I do have this in - though I assumed it wasn't relevant at this
It is always relevant; without it being set, your Kerberos tickets will
expire after 10hrs and will not get renewed.