[Samba] Group-based access instead of user-based?
Robert Marcano
robert at marcanoonline.com
Mon Sep 12 12:28:20 UTC 2022
On 9/12/22 3:39 AM, tom uijldert via samba wrote:
> Hi Rowland,
>
> Thanks for the tips, much appreciated. Please find my response below.
>
> Thanks,
> Tom.
>
> -----Original Message-----
> From: Rowland Penny <rpenny at samba.org>
> Sent: 09 September 2022 17:39
>
>>>
>>> Joined to our domain as member server, all domain users are mapped to
>>> 1 unix account/group.
>>
>> It would be better to recreate the group in AD (or use Domain Users which all domain members are members of), delete the Unix group and then use vfs_acl_xattr and set the permissions either from Windows or with setfacl.
>
> The goal here is/was to have a directory that could be used fairly freely by all domain members of that particular group.
> This seemed to me the most simple and straightforward setup.
> The unix security setting is simple and something I more or less "get" where, frankly, the whole Windows ACL-stuff seems overly complicated. But granted, that may be my limitation.

For the simplest setup, when there are no complex ACL requirements, as in
your example, and you just want to let a group of people work freely on a
share, I use this:

[share]
    ...
    create mask = 660
    directory mask = 770
    force group = mygroup
    valid users = @mygroup

Just plain Unix permissions, no POSIX ACLs, no Windows ACLs.

>
>>
>> It would also help if you posted your smb.conf (that way we can confirm how you are running Samba).
>
> Please find the smb.conf attached, it is the share [volwww] that we are testing.
> For completeness sake I also included the mapping file (users.map).
>
>
>
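
A check for drift from the group-only share model in the message above, as an added example that is not part of the original thread: files placed in the share outside Samba (from a shell or a backup restore) do not pass through `force group` or the masks, so the tree can be audited on the server. The function names `audit_share` and `make_sample` and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a share tree against the group-only model
# (force group = GROUP, create mask = 660, directory mask = 770).

# audit_share DIR GROUP: print one "finding path" line per deviation.
audit_share() {
    dir=$1; group=$2
    # Entries not owned by the share group.
    find "$dir" ! -type l ! -group "$group" \
        -exec printf 'wrong-group %s\n' {} \;
    # Any permission bit granted to "other" (the masks allow none).
    find "$dir" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec printf 'world-access %s\n' {} \;
    # Files the group cannot read and write (660 expected).
    find "$dir" -type f ! -perm -060 \
        -exec printf 'group-cannot-write %s\n' {} \;
    # Directories the group cannot read, write and traverse (770 expected).
    find "$dir" -type d ! -perm -070 \
        -exec printf 'group-cannot-write %s\n' {} \;
}

# make_sample: build a constructed test tree and print its path.
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/docs"
    : > "$d/docs/ok.txt"
    : > "$d/leak.txt"
    : > "$d/private.txt"
    chgrp -R "$(id -g)" "$d"
    chmod 770 "$d" "$d/docs"
    chmod 660 "$d/docs/ok.txt"
    chmod 664 "$d/leak.txt"      # world-readable: violates create mask 660
    chmod 600 "$d/private.txt"   # group locked out
    printf '%s\n' "$d"
}

# With two arguments, audit a real share; otherwise run on the sample tree.
if [ "$#" -eq 2 ]; then
    audit_share "$1" "$2"
else
    sample=$(make_sample)
    audit_share "$sample" "$(id -g)"
    rm -rf "$sample"
fi
```

Run as `sh audit.sh /path/to/share mygroup` on the server; an empty result means every entry matches the configured group and masks.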