[root@rho profiles]# ls -la total 16 drwxr-xrwt 4 root Domain Admins 4096 May 4 13:03 . drwxr-xr-x 4 root Domain Admins 4096 May 4 10:05 .. drwx------ 13 debra Domain Users 4096 May 4 12:52 debra drwx------ 14 root Domain Users 4096 May 4 13:14 john As you can see Debra's profile is created with the correct ownership(?) but John's is created as owner "Administrator/root". Now the only difference is that John is a Member of "Domain Admins" although both john & debra's primary group is 513 "Domain Users" [profiles] # chmod 1757 /domain/profiles path = /domain/profiles csc policy = disable profile acls = yes writeable = yes browseable = no create mask = 0600 directory mask = 0700 The next issue is unless I set the policy "Do not check check for user ownership of Roaming profile folders" to 'enabled' ie no checking. Debra can not access her remote profile (even though she is the owner) while john can access his. Can anybody shed some light on this issue. Regards John
Domain Admins, AFAIK, perform all actions as root. You can verify this in smb.conf. ---- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - Jr. UNIX Systems Admin |$&| |__| | | |__/ | \| _| | novosirj@umdnj.edu - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 On Tue, 4 May 2004, John Arthur wrote:> > [root@rho profiles]# ls -la > total 16 > drwxr-xrwt 4 root Domain Admins 4096 May 4 13:03 . > drwxr-xr-x 4 root Domain Admins 4096 May 4 10:05 .. > drwx------ 13 debra Domain Users 4096 May 4 12:52 debra > drwx------ 14 root Domain Users 4096 May 4 13:14 john > > As you can see Debra's profile is created with the correct ownership(?) but > John's is created as owner "Administrator/root". > > Now the only difference is that John is a Member of "Domain Admins" although > both john & debra's primary group is 513 "Domain Users" > > > [profiles] > # chmod 1757 /domain/profiles > path = /domain/profiles > csc policy = disable > profile acls = yes > writeable = yes > browseable = no > create mask = 0600 > directory mask = 0700 > > > The next issue is unless I set the policy "Do not check check for user > ownership of Roaming profile folders" to 'enabled' ie no checking. Debra can > not access her remote profile (even though she is the owner) while john can > access his. > > Can anybody shed some light on this issue. > > Regards John > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >
Disregard that -- I misunderstood you; I thought you were using the domain admin param in smb.conf. ---- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - Jr. UNIX Systems Admin |$&| |__| | | |__/ | \| _| | novosirj@umdnj.edu - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 On Tue, 4 May 2004, John Arthur wrote:> > [root@rho profiles]# ls -la > total 16 > drwxr-xrwt 4 root Domain Admins 4096 May 4 13:03 . > drwxr-xr-x 4 root Domain Admins 4096 May 4 10:05 .. > drwx------ 13 debra Domain Users 4096 May 4 12:52 debra > drwx------ 14 root Domain Users 4096 May 4 13:14 john > > As you can see Debra's profile is created with the correct ownership(?) but > John's is created as owner "Administrator/root". > > Now the only difference is that John is a Member of "Domain Admins" although > both john & debra's primary group is 513 "Domain Users" > > > [profiles] > # chmod 1757 /domain/profiles > path = /domain/profiles > csc policy = disable > profile acls = yes > writeable = yes > browseable = no > create mask = 0600 > directory mask = 0700 > > > The next issue is unless I set the policy "Do not check check for user > ownership of Roaming profile folders" to 'enabled' ie no checking. Debra can > not access her remote profile (even though she is the owner) while john can > access his. > > Can anybody shed some light on this issue. > > Regards John > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >