[Samba] Backend RID and UNIX Primary Group...

Marco Gaiarin gaio at lilliput.linux.it
Tue Nov 11 17:55:49 UTC 2025


Hello! Rowland Penny via samba
  On that day it was said...

> If you use the 'rid' idmap backend all users get Domain Users as their
> primary group ID, an example:
> 
> id rowland
> uid=11104(rowland) gid=10513(domain users) groups=10513(domain
> users)..........
> 
> but the users also get their own private group:
> 
> getent group rowland
> rowland:x:11104:rowland
> 
> This comes from Samba and the 'rid' backend.

This is a bit problematic... if I use POSIX ACL and vfs_acl, this means that
all files and folders created by users get full access for all other users...


> You can change a user's primary group by pointing their 'primaryGroupID'
> at a different RID, but you would also have to join the user to
> the Domain Users group. Windows expects every user to be a member of
> Domain Users, so there is little point in changing the user's primary
> group.

As in the AD backend. But I supposed it was a 'problem' (a glitch, indeed) of
using the AD backend...

Anyway, the point is this: files and folders on UNIX get created (by
default) with the primary group of the user, and so if this is 'Domain
Users' all files are by default 'open' to others...
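
An added example, not part of the original message or of Samba: a small audit that lists files under a share path owned by a shared primary group and shows which access the mode bits give that group. The function names and the sample tree are constructed; on a real member server the gid passed in would be the Domain Users gid (10513 in the quoted `id` output).

```python
import os
import stat
import tempfile

GROUP_BITS = (("r", stat.S_IRGRP), ("w", stat.S_IWGRP), ("x", stat.S_IXGRP))


def group_exposed(root, shared_gid):
    """Return sorted (relative path, granted bits) for entries under root that
    are group-owned by shared_gid and grant that group any access.

    Limitation: only mode bits are read. On a file carrying a POSIX ACL the
    group bits in st_mode reflect the ACL mask, so check those with getfacl.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode) or st.st_gid != shared_gid:
                continue
            bits = "".join(flag for flag, mask in GROUP_BITS if st.st_mode & mask)
            if bits:
                findings.append((os.path.relpath(path, root), bits))
    return sorted(findings)


def demo():
    """Build a constructed sample tree and audit it.

    Assumption: the gid the files are created with stands in for the shared
    primary group, because an unprivileged process cannot chgrp to 10513.
    """
    with tempfile.TemporaryDirectory() as root:
        modes = {"private.txt": 0o600, "readable.txt": 0o640, "shared.txt": 0o660}
        for name, mode in modes.items():
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)  # explicit mode, independent of the umask
        shared_gid = os.lstat(os.path.join(root, "private.txt")).st_gid
        return group_exposed(root, shared_gid)


if __name__ == "__main__":
    for path, bits in demo():
        print(f"{bits:3} {path}")
```

The group ownership is the same for all three sample files; what the shared group can actually do is decided by the mode each file ends up with.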
