Nicola Mingotti
2021-Feb-25 09:58 UTC
[Samba] What happens to files if an employee quits - user removed from AD
Hi again, sorry for opening many topics, it is just Samba time for me these days and I have a lot of new questions. When I moved all our company NAS from WindowsServer to Linux/Samba all files where owned by 'root' and had group 'adm'. All access were regulated only trough ACL. Now I see users are creating a lot of new directory and files, of course. Which have as owner the AD users. My question is, suppose user 'foo' leaves the company tomorrow. He made quite a few directories and files. In theory I should remove the user from AD so suppose I do it, I remove user 'foo' from AD. What will happen to 'foo' owned files ? Who will become the owner? Will disk remain in a consistent state ? I am also considering changing the owner of all files to 'root' every night. Because the actual owner of all files isn't any user, is the company. I don't do 'force user = root' in smb.conf because I like to see who is doing what in the log files. bye Nicola
Rowland penny
2021-Feb-25 10:26 UTC
[Samba] What happens to files if an employee quits - user removed from AD
On 25/02/2021 09:58, Nicola Mingotti via samba wrote:> > Hi again, > > sorry for opening many topics, it is just Samba time for > me these days and I have a lot of new questions. > > When I moved all our company NAS from WindowsServer to Linux/Samba > all files where owned by 'root' and had group 'adm'. > All access were regulated only trough ACL. > > Now I see users are creating a lot of new > directory and files, of course. Which have as owner > the AD users. > > My question is, suppose user 'foo' leaves the company > tomorrow. He made quite a few directories and files. > In theory I should remove the user from AD so suppose > I do it, I remove user 'foo' from AD. What > will happen to 'foo' owned files ? Who will become the owner? > Will disk remain in a consistent state ? > > I am also considering changing the owner of all files > to 'root' every night. Because the actual owner of all files > isn't any user, is the company. I don't do 'force user = root' in > smb.conf > because I like to see who is doing what in the log files. >I wouldn't delete the user, I would disable it, this way you can easily see which files/directories had been created by that user and take appropriate action, delete some and change ownership of others. I wouldn't force any user to be the owner of any files or directories, this really isn't the way to do it. I would also suggest you do some reading about how Windows deals with file and folder ownership. Rowland