Web lists-archives.com

Re: [Samba] Force primary group when using vfs_acl_xattr




 

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens 
> Gionatan Danti via samba
> Verzonden: dinsdag 18 juli 2017 23:42
> Aan: samba@xxxxxxxxxxxxxxx
> Onderwerp: Re: [Samba] Force primary group when using vfs_acl_xattr
> 
> Il 18-07-2017 00:26 Gionatan Danti via samba ha scritto:
> > Hi list,
> > I have a question regarding how to force the primary group id when 
> > using the vfs_acl_xattr module.
> > 
> > Normally, without vfs_acl_xattr, all I need to do is to 
> chmod g+s the 
> > main directory/share and the normal Linux permissions do 
> the rest: any 
> > new file/dir will be created with the same group as the main 
> > directory.
> > 
> > However, when using vfs_acl_xattr, it simply does not work: child 
> > files/dirs are created with the primary group id of the connected 
> > user.
> > 
> > So, I have two questions:
> > 1) is this the intended behavior, or I am missing something?
> > 2) it is possible, and how, to force a primary group when using 
> > vfs_acl_xattr?

Did you set "creator group" in the windows security rights? 
That sets the primary group. All my users have primary group "domain users". 
Folder layout is protected by the windows ACL's. 

Like this. 

\\servser\share  ( lets call it F:\ ) 
I've setup like this. 
F:\folder1 allow only NTDOM\Domain Admins and NTDOM\group_folder1 and creator group.
F:\folder2 allow only NTDOM\Domain Admins and NTDOM\group_folder2 and creator group.
F:\folder3 allow only NTDOM\Domain Admins and NTDOM\group_folder3 and creator group.
Etc.

The group_folderX make sure only members of that group can enter it. 
But all files in the folder have "domain users" use for "creator group" 
Which make it accessable and writable for any user, added to group_folderX.

Just my suggestion. 

Greetz, 

Louis



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba