[root@rho profiles]# ls -la
total 16
drwxr-xrwt 4 root Domain Admins 4096 May 4 13:03 .
drwxr-xr-x 4 root Domain Admins 4096 May 4 10:05 ..
drwx------ 13 debra Domain Users 4096 May 4 12:52 debra
drwx------ 14 root Domain Users 4096 May 4 13:14 john
As you can see Debra's profile is created with the correct ownership(?) but
John's is created as owner "Administrator/root".
Now the only difference is that John is a Member of "Domain Admins"
although
both john & debra's primary group is 513 "Domain Users"
[profiles]
# chmod 1757 /domain/profiles
path = /domain/profiles
csc policy = disable
profile acls = yes
writeable = yes
browseable = no
create mask = 0600
directory mask = 0700
The next issue is unless I set the policy "Do not check check for user
ownership of Roaming profile folders" to 'enabled' ie no checking.
Debra can
not access her remote profile (even though she is the owner) while john can
access his.
Can anybody shed some light on this issue.
Regards John
Domain Admins, AFAIK, perform all actions as root. You can verify this in smb.conf. ---- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - Jr. UNIX Systems Admin |$&| |__| | | |__/ | \| _| | novosirj@umdnj.edu - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 On Tue, 4 May 2004, John Arthur wrote:> > [root@rho profiles]# ls -la > total 16 > drwxr-xrwt 4 root Domain Admins 4096 May 4 13:03 . > drwxr-xr-x 4 root Domain Admins 4096 May 4 10:05 .. > drwx------ 13 debra Domain Users 4096 May 4 12:52 debra > drwx------ 14 root Domain Users 4096 May 4 13:14 john > > As you can see Debra's profile is created with the correct ownership(?) but > John's is created as owner "Administrator/root". > > Now the only difference is that John is a Member of "Domain Admins" although > both john & debra's primary group is 513 "Domain Users" > > > [profiles] > # chmod 1757 /domain/profiles > path = /domain/profiles > csc policy = disable > profile acls = yes > writeable = yes > browseable = no > create mask = 0600 > directory mask = 0700 > > > The next issue is unless I set the policy "Do not check check for user > ownership of Roaming profile folders" to 'enabled' ie no checking. Debra can > not access her remote profile (even though she is the owner) while john can > access his. > > Can anybody shed some light on this issue. > > Regards John > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >
Disregard that -- I misunderstood you; I thought you were using the domain admin param in smb.conf. ---- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - Jr. UNIX Systems Admin |$&| |__| | | |__/ | \| _| | novosirj@umdnj.edu - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 On Tue, 4 May 2004, John Arthur wrote:> > [root@rho profiles]# ls -la > total 16 > drwxr-xrwt 4 root Domain Admins 4096 May 4 13:03 . > drwxr-xr-x 4 root Domain Admins 4096 May 4 10:05 .. > drwx------ 13 debra Domain Users 4096 May 4 12:52 debra > drwx------ 14 root Domain Users 4096 May 4 13:14 john > > As you can see Debra's profile is created with the correct ownership(?) but > John's is created as owner "Administrator/root". > > Now the only difference is that John is a Member of "Domain Admins" although > both john & debra's primary group is 513 "Domain Users" > > > [profiles] > # chmod 1757 /domain/profiles > path = /domain/profiles > csc policy = disable > profile acls = yes > writeable = yes > browseable = no > create mask = 0600 > directory mask = 0700 > > > The next issue is unless I set the policy "Do not check check for user > ownership of Roaming profile folders" to 'enabled' ie no checking. Debra can > not access her remote profile (even though she is the owner) while john can > access his. > > Can anybody shed some light on this issue. > > Regards John > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >