Web lists-archives.com

Re: [Samba] Force primary group when using vfs_acl_xattr




On 19/07/2017 09:15, L.P.H. van Belle via samba wrote:
Did you set "creator group" in the windows security rights?
That sets the primary group. All my users have primary group "domain users".
Folder layout is protected by the windows ACL's.

Like this.

\\servser\share  ( lets call it F:\ )
I've setup like this.
F:\folder1 allow only NTDOM\Domain Admins and NTDOM\group_folder1 and creator group.
F:\folder2 allow only NTDOM\Domain Admins and NTDOM\group_folder2 and creator group.
F:\folder3 allow only NTDOM\Domain Admins and NTDOM\group_folder3 and creator group.
Etc.

The group_folderX make sure only members of that group can enter it.
But all files in the folder have "domain users" use for "creator group"
Which make it accessable and writable for any user, added to group_folderX.

Just my suggestion.

Greetz,

Louis


Hi Louis,
I already implemented a very similar setup.

Thanks for you feedback!

--
Danti Gionatan
Supporto Tecnico
Assyoma S.r.l. - www.assyoma.it
email: g.danti@xxxxxxxxxx - info@xxxxxxxxxx
GPG public key ID: FF5F32A8

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba