[Samba] How to give AD users group permissions on a Samba share

Mark Foley mfoley at novatec-inc.com
Tue Jun 4 17:22:49 UTC 2024

I have a Linux file server that is an AD Domain Member. It shares the 
following (smb.conf):

path = /public
store dos attributes = no
hide dot files = yes
readonly = no
force group = ohprs
create mask = 0660
directory mask = 2770

The "force group" lets all Windows users map this folder and create 
files and directories that all users can access and update. They are 
created with their own user ID and the specified group (ohprs). That has 
worked well for some time, but now the Boss wants his own folder. No 
problem, I created a group for him and created a folder belonging to 
that group, 'mark':

drwxrwsr-x  24 ohprso    ohprs   4096 2024-05-13 11:40 jane/
drwxrws---+  2 HPRS\mark mark    4096 2024-05-28 00:14 mark/
drwxrws--x   4 ohprso    ohprs   4096 2024-04-28 21:58 mfoleyOutlook/

He can now add files to this folder from his Windows mapped drive:

$ ls -l mark
total 8
-rwxrwx---+ 1 HPRS\mark ohprs 445 2024-05-28 00:14 testme.txt*

(Not sure why it sets the x bit since the create mask 0660 does not, but 
not important for now.)

Two problems:

1. As you can see from the example, files created in this directory are 
group 'ohprs', not 'mark' -- probably because of the group mask, but I 
had hoped the S bit on the parent directory would serve to inherit the 
group name. Apparently not. Not a huge issue since other users don't 
have rwx permission to see or update these files. But, is there a way to 
have files in this directory inherit the 'mark' group?

2. Bigger issue - the Boss wants his admin. assistant to also be able to 
see and update files in his folder. Normally, one would do a 'usermod -a 
-G' to add the assistant to group 'mark'. But, these are Domain users 
and are not in /etc/passwd. So, how can I do this?

Thanks --Mark
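
Added example, not part of the original post: a small Python audit for the two symptoms described above, a file whose group differs from its setgid parent directory and permission bits outside the share's create mask. The function names are hypothetical and the numeric gids in the sample are constructed stand-ins for the 'mark' and 'ohprs' groups.

```python
import os
import stat

def audit_entry(mode, gid, parent_mode, parent_gid, create_mask=0o660):
    """Findings for one file, given its own and its parent directory's stat fields."""
    findings = []
    # New files in a setgid directory normally take the directory's group,
    # so a file with a different group there is worth flagging.
    if parent_mode & stat.S_ISGID and gid != parent_gid:
        findings.append("group differs from setgid parent")
    # Permission bits the create mask (0660 on the page) would not allow.
    extra = stat.S_IMODE(mode) & ~create_mask & 0o777
    if extra:
        findings.append("mode bits outside create mask: %04o" % extra)
    return findings

def audit_tree(root, create_mask=0o660):
    """Walk root and return {path: findings} for regular files with findings."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        parent = os.lstat(dirpath)
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, etc.
            found = audit_entry(st.st_mode, st.st_gid,
                                parent.st_mode, parent.st_gid, create_mask)
            if found:
                results[path] = found
    return results

# Constructed sample mirroring the listing in the post: mark/ is drwxrws---
# (02770), testme.txt is -rwxrwx--- (0770). The gids are made-up numbers
# standing in for the 'mark' and 'ohprs' groups.
SAMPLE_DIR = (stat.S_IFDIR | 0o2770, 2001)   # (mode, gid) for mark/
SAMPLE_FILE = (stat.S_IFREG | 0o770, 2000)   # (mode, gid) for testme.txt

def audit_sample():
    return audit_entry(SAMPLE_FILE[0], SAMPLE_FILE[1], SAMPLE_DIR[0], SAMPLE_DIR[1])

if __name__ == "__main__":
    import sys
    print(audit_sample())
    if len(sys.argv) > 1:   # e.g. python3 audit.py /public/mark
        for path, found in sorted(audit_tree(sys.argv[1]).items()):
            print(path, "; ".join(found))
```

The check reads only the classic mode bits and group; it does not inspect the POSIX ACLs that the '+' in the listings indicates.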
