-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I've currently login through ssh enabled to work over winbind. I can use domain logins successfully on the linux machine. Upon first login their home directory gets create and everything is fine. But the user is only a member of all windows groups, e.g. uid=10000(markus) gid=10000(Dom??nen-Benutzer) groups=10000(Dom??nen-Benutzer),10001(Projects),10002(WebDevelopment),10003(lokale Administratoren) and thus has no special rights on the machine itself. I'm having a samba share on this machine, for web development, where multiple users can read/write everything. The share is only available for the above group WebDevelopment. Through samba, I'm mapping all individual users to www-data.www-data, so a file created by my user 'markus' is not created as user 'markus' on the filesystem but as user 'www-data'. There are two main reasons for this: * apache needs write permissions in certain directories on this share * subversion, used on the samba-clients (windows machines), require it's control files .svn user-writable which clashes often because on one checkout multiple users are commiting (I know this is a gray area even on subversion side, but complex web setups don't make things easy). My first take was to map a windows group to a unix group. I tried net groupmap add ntgroup=WebDevelopment unixgroup=www-data but it didn't really changed anything. I could see my mapping with "groupmap list" but permission-wise there was no difference. My second try was to add a unix group to the windows users, which also wasn't possible because the user didn't contain any /etc/passwd entry ... Are there any advices how I can solve this group problems? I'm also open to other suggestion regarding the issue. thanks, - - Markus -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEppzd1nS0RcInK9ARAp8HAJsE55DbesmuLzt83qSH71qG5WcH2QCgxER1 SbyxBYt/7UczrZQSA2kPGp4=Bypx -----END PGP SIGNATURE-----
Gerald (Jerry) Carter
2006-Jul-01 18:09 UTC
[Samba] Adding domain user on linux to a unix group
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Markus Fischer wrote:> My first take was to map a windows group to a unix > group. I tried > net groupmap add ntgroup=WebDevelopment unixgroup=www-data > but it didn't really changed anything. I could see my > mapping with "groupmap list" but permission-wise there > was no difference.See 'winbind nested groups' in smb.conf(5). cheers, jerry ====================================================================Samba ------- http://www.samba.org Centeris ----------- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEpro2IR7qMdg1EfYRAm2aAKCHN36KwwsbPE/V87bP+A44muaVcwCgqT72 Z/advsbpLMi+prsU4jvlhl0=9mBz -----END PGP SIGNATURE-----