[Samba] Profile and home-dir permissions
Jürgen Echter
j.echter at echter-kuechen-elektro.de
Tue Mar 15 21:05:08 UTC 2022
sorry, i always forget to switch from html mails to text only and my quoting gets meesed up.
Am Dienstag, März 15, 2022 21:57 CET, schrieb Jürgen Echter via samba <samba at lists.samba.org>:
>
> Hi,
>
> i think this (Windows ACL):
> Domain Users*Read & executeThis folder onlyCREATOR OWNERFull controlSubfolders and files onlyDomain AdminsFull controlThis folder, subfolders and files
>
> would achieve this.
>
> Domain Users can Read & Execute the profiles dir, there you have user1, user2 and so on. These are the CREATOR OWNER's for their subfolder. So they can access //Profiles/ and enter their user dir, but not the dirs of other users.
>
> Your Downloads, Documents etc are accessed like this \\smbfs\homedrives\user1\Downloads\. If i, user1, try to access \\smbfs\homedrives\user2\ i get access denied.
>
> I do see all the user dirs if i only list \\smbfs\homedrives\ but i can only enter my own.
>
>
> Am Dienstag, März 15, 2022 21:22 CET, schrieb "Greg Sloop <gregs--- via samba" <samba at lists.samba.org>:
> Yeah, I've seen that, but that's not what I'm recalling.
>
> It went something like this...
> On this directory only, Domain users have the rights to create folders.
> (And nothing else)
> Inherited permissions on the root give the creator-owner full rights.
>
> This allows the user to create their own profile directory or home
> directory; and since they'll be the creator-owner they'll get inherited
> "full" permissions.
> But they can't access other user's directories because they're not the
> creator-owner of those directories.
>
> It may well be that I only used this for profile directories.
>
> But it's been a really long time since I last set this up and I can't go
> back and look at that installation to see how I did it. I thought I'd seen
> the example either on the list or the Samba Wiki - but perhaps I recall
> that wrong.
>
> If anyone knows what I'm talking about, and has a pointer, I'd be thrilled!
> :)
>
> On Tue, Mar 15, 2022 at 12:10 PM Jürgen Echter via samba <
> samba at lists.samba.org> wrote:
>
> >
> > Hi,
> >
> > https://wiki.samba.org/index.php/Windows_User_Home_Folders
> >
> > Hope this helps.
> >
> > Am Dienstag, März 15, 2022 19:30 CET, schrieb "Greg Sloop <gregs--- via
> > samba" <samba at lists.samba.org>:
> > Can someone refresh my memory?
> >
> > I want to create the home and profile base/root directory, and then allow
> > "regular-users" to be able to create their home and profile directories (as
> > they login the first time) and then get full permission to those. (But they
> > wouldn't have permissions to other users home/profile directories.)
> >
> > I think it's something like the folder creator gets full permissions, but I
> > honestly can't recall how to do that.
> >
> > Any quick reference page somewhere? (Someone has to have created a Wiki
> > page, right? If not, remind me how and I'll write it.)
> >
> > Assume I'm setting this from the Windows file permissions UI.
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list