[Samba] old ACL on member server
Rowland Penny
rpenny at samba.org
Sun Oct 23 07:12:09 UTC 2022
On 22/10/2022 23:51, Nicolas Canonne via samba wrote:
> Hi Rowland,
>
> Sorry for the very long feed-back and thanks for your answers
>
> Issue was well with permissions on shares.
>
> New shares folders have be created with "SMB\Administrator":"SMB\domain
> users" permissions
>
You appear to have a word missing from the sentence above, that word is
'not', as in:
New shares folders have not to be created with "SMB\Administrator"
Never use Administrator on a Samba machine, you should be using a
usermap to map Administrator to root, you should have this line in every
Unix domain member smb.conf:
username map = /etc/samba/user.map
and /etc/samba/user.map should contain just this:
!root = SMB\Administrator
Administrator is automatically mapped to root in idmap.ldb on a Samba DC.
If you have any files/directories belonging to Administrator on any
Samba machine, I suggest you follow the above and then 'chown' them to root.
> Then, old shared files have been copied to the new shares via Windows
> client running Administrator account.
>
> Permissions on new shares are then valid.
>
> The trick is well to copy files, hoping this will help others.
No, the trick is to do it correctly in the first place.
Rowland
More information about the samba
mailing list