[Samba] How to give AD users group permissions on a Samba share
Mark Foley
mfoley at novatec-inc.com
Tue Jun 4 17:22:49 UTC 2024
I have a Linux file server that is an AD Domain Member. It shares the
following (smb.conf):
[public]
path = /public
store dos attributes = no
hide dot files = yes
readonly = no
force group = ohprs
create mask = 0660
directory mask = 2770
The "force group" lets all Windows users map this folder and create
files and directories that all users can access and update. They are
created with their own user ID and the specified group (ohprs). That has
worked well for some time, but now the Boss wants his own folder. No
problem, I created a group for him and created a folder belonging to
that group, 'mark':
:
drwxrwsr-x 24 ohprso ohprs 4096 2024-05-13 11:40 jane/
drwxrws---+ 2 HPRS\mark mark 4096 2024-05-28 00:14 mark/
drwxrws--x 4 ohprso ohprs 4096 2024-04-28 21:58 mfoleyOutlook/
:
He can now add files to this folder from his Windows mapped drive:
$ ls -l mark
total 8
-rwxrwx---+ 1 HPRS\mark ohprs 445 2024-05-28 00:14 testme.txt*
(Not sure why it sets the x bit since the create mask 0660 does not, but
not important for now.)
Two problems:
1. As you can see from the example, files created in this directory are
group 'ohprs', not 'mark' -- probably because of the group mask, but I
had hoped the S bit on the parent directory would serve to inherit the
group name. Apparently not. Not a huge issue since other users don't
have rwx permission to see or update these files. But, is there a way to
have files in this directory inherit the 'mark' group?
2. Bigger issue - the Boss wants his admin. assistant to also be able to
see and update files in his folder. Normally, one would do a 'usermod -a
-G' to add the assistant to group 'mark'. But, these are Domain users
and are not in /etc/passwd. So, how can I do this?
Thanks --Mark
More information about the samba
mailing list