[Samba] Setting up Profiles share... 777?!
Marco Gaiarin
gaio at lilliput.linux.it
Tue Nov 28 15:00:22 UTC 2023
In a fresh samba AD domain i'm setting up the 'Profiles' share for roaming
profiles, following the wiki:
https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
leading to:
[profiles]
comment = Network Profiles Share
csc policy = disable
map acl inherit = Yes
path = /srv/samba/profiles
read only = No
vfs objects = acl_xattr
acl_xattr:default acl style = windows
acl_xattr:ignore system acls = yes
But failing to create profiles for users; after fiddling a bit, i was forced
to have '/srv/samba/profiles' as 775 :unixadm (a group member of 'Domain
Aministrators') and profile folders get created '777':
root at vdmacpn1:~# ls -la /srv/samba/profiles/
totale 16
drwxrwxr-x 7 gaio unixadm 92 28 nov 15.49 .
drwxrwxr-x 5 root root 54 2 nov 19.24 ..
drwxrwxrwx 2 daniela segreteria 6 4 nov 10.57 daniela.V2
drwxrwxrwx 16 daniela segreteria 281 25 nov 11.59 daniela.V6
drwxrwxrwx 15 gaio domain users 272 28 nov 15.49 gaio.V2
drwxrwxrwx 15 gaio sa 4096 28 nov 14.47 gaio.V2.good
drwxrwxrwx 17 gaio sa 4096 4 nov 11.57 gaio.V6
This seems a little strange and dangerous to me.
What i'm missing?! Thanks.
--
Stiamo arrivando a Beziers. Attento alle curve.
(Claudio, in auto con Igor diretto in Spagna)
More information about the samba
mailing list