samba - Jan 2005 - Active Directory + Samba 3.0.10 -> how to deal with owners and permissions

Hi.

I've a running samba system that works with a ADS auth. All looks like to
work. I can get the list of Domain users and groups (wbinfo -u, wbinfo
-g), and "getent passwd" works too.

Now I want to share a directory(or volume) and that the
DOMAIN/Administrator be the owner of this share to get the control of it.

I don't know how samba deals with resource owners and permissions in a AD
context? Do I need to change the owner by hand to DOMAIN/Administrator in
the samba system to this share? Is it possible to say to samba that this
share is owned by DOMAIN/Administrator?.

Thanks.

jmruiz@correo.animatika.net wrote:
> Hi.
> 
> I've a running samba system that works with a ADS auth. All looks like
to
> work. I can get the list of Domain users and groups (wbinfo -u, wbinfo
> -g), and "getent passwd" works too.
> 
> Now I want to share a directory(or volume) and that the
> DOMAIN/Administrator be the owner of this share to get the control of it.
> 
> I don't know how samba deals with resource owners and permissions in a
AD
> context? Do I need to change the owner by hand to DOMAIN/Administrator in
> the samba system to this share? Is it possible to say to samba that this
> share is owned by DOMAIN/Administrator?.
> 
> Thanks.
I would just leave the filesystem to sort that out:

mkdir mydirectory
chown DOMAIN/Administrator mydirectory (be aware of winbind seperator =)
add the share to samba normally

Now when users browse to it (if they have permission) they will be able 
to see the owner is administrator)

This is a nice way to administer the "base" of a share system:

-fileroot (shared as fileroot$, browseable no, read list @ntadmin, write 
list @ntadmin)
-- share1 (shared normally)
-- share2
-- share3
-- share4

Like this, i can open up fileroot$ and set permissions on shares easily, 
also I have a "back door" to shares that may otherwise lock me out.

Hope that helps,
H
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url :
http://lists.samba.org/archive/samba/attachments/20050128/c4b1d3bd/signature.bin

jmruiz@correo.animatika.net wrote:
>>I would just leave the filesystem to sort that out:
>>
>>mkdir mydirectory
>>chown DOMAIN/Administrator mydirectory (be aware of winbind seperator =)
>>add the share to samba normally
>>
>>Now when users browse to it (if they have permission) they will be able
>>to see the owner is administrator)
>>
>>This is a nice way to administer the "base" of a share system:
>>
>>-fileroot (shared as fileroot$, browseable no, read list @ntadmin, write
>>list @ntadmin)
>>-- share1 (shared normally)
>>-- share2
>>-- share3
>>-- share4
>>
>>Like this, i can open up fileroot$ and set permissions on shares easily,
>>also I have a "back door" to shares that may otherwise lock me
out.
>>
> 
> Then, do I need to manually (or through an script) change the permissions
> and ownership of the files? is not there an automatic mechanism?
> 
I dont understand what you want? If you have a directory there already, 
you can change ownership with chmod, if you want all the files in the 
directory, you can chmod -R /dir/name/*
Files created by users will be owned by them, unless you use force user.
If you connect to the files through windows, you can set ownership and 
permissions through the normal windows method.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url :
http://lists.samba.org/archive/samba/attachments/20050128/8a9807cf/signature.bin