[Samba] Profile and home-dir permissions
Jürgen Echter
j.echter at echter-kuechen-elektro.de
Tue Mar 15 20:57:16 UTC 2022
Hi,
i think this (Windows ACL):
Domain Users*Read & executeThis folder onlyCREATOR OWNERFull controlSubfolders and files onlyDomain AdminsFull controlThis folder, subfolders and files
would achieve this.
Domain Users can Read & Execute the profiles dir, there you have user1, user2 and so on. These are the CREATOR OWNER's for their subfolder. So they can access //Profiles/ and enter their user dir, but not the dirs of other users.
Your Downloads, Documents etc are accessed like this \\smbfs\homedrives\user1\Downloads\. If i, user1, try to access \\smbfs\homedrives\user2\ i get access denied.
I do see all the user dirs if i only list \\smbfs\homedrives\ but i can only enter my own.
Am Dienstag, März 15, 2022 21:22 CET, schrieb "Greg Sloop <gregs--- via samba" <samba at lists.samba.org>:
Yeah, I've seen that, but that's not what I'm recalling.
It went something like this...
On this directory only, Domain users have the rights to create folders.
(And nothing else)
Inherited permissions on the root give the creator-owner full rights.
This allows the user to create their own profile directory or home
directory; and since they'll be the creator-owner they'll get inherited
"full" permissions.
But they can't access other user's directories because they're not the
creator-owner of those directories.
It may well be that I only used this for profile directories.
But it's been a really long time since I last set this up and I can't go
back and look at that installation to see how I did it. I thought I'd seen
the example either on the list or the Samba Wiki - but perhaps I recall
that wrong.
If anyone knows what I'm talking about, and has a pointer, I'd be thrilled!
:)
On Tue, Mar 15, 2022 at 12:10 PM Jürgen Echter via samba <
samba at lists.samba.org> wrote:
>
> Hi,
>
> https://wiki.samba.org/index.php/Windows_User_Home_Folders
>
> Hope this helps.
>
> Am Dienstag, März 15, 2022 19:30 CET, schrieb "Greg Sloop <gregs--- via
> samba" <samba at lists.samba.org>:
> Can someone refresh my memory?
>
> I want to create the home and profile base/root directory, and then allow
> "regular-users" to be able to create their home and profile directories (as
> they login the first time) and then get full permission to those. (But they
> wouldn't have permissions to other users home/profile directories.)
>
> I think it's something like the folder creator gets full permissions, but I
> honestly can't recall how to do that.
>
> Any quick reference page somewhere? (Someone has to have created a Wiki
> page, right? If not, remind me how and I'll write it.)
>
> Assume I'm setting this from the Windows file permissions UI.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list