samba - Mar 2024 - Linux Mint 21.3 client AD joined OK but no usb working

On Thu, 28 Mar 2024 20:10:32 +0100
Kees van Vloten via samba <samba at lists.samba.org> wrote:
> A local daemon will use /etc/nsswitch.conf to lookup UIDs and Winbind 
> can supply them.
> 
> In addition I make (domain) users member of these local groups:
> 
>
audio,video,dialout,cdrom,floppy,lpadmin,plugdev,bluetooth,netdev,pulse-access,users
> 
> Some users also want to be member of local-groups like: libvirt, kvm, 
> docker, vboxusers
> 
> You can do this with: usermod -a -G <group> <domain-user>, this
> mechanism works much better than pam_group (which does not work for
> this purpose).
It worked for myself:

SAMDOM\rowland at rpidc1:~ $ groups
domain users dialout cdrom floppy audio video plugdev scanner
BUILTIN\administrators BUILTIN\users domain admins denied rodc password
replication group rowland testgroup

It just didn't help with the problem
> 
> I do this when a domain-user logs in and the reverse when (s)he logs
> off with a script triggered by pam-session, a copy is already in the
> list archive somewhere.
Perhaps running a script when a usb drive is inserted might be the way
forward, but I haven't given up on either udev or udisks2 being able to
set the correct ownership

Rowland
> 
> - Kees.
> 
> 
> >

On Thu, 28 Mar 2024 19:25:33 +0000
Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Thu, 28 Mar 2024 20:10:32 +0100
> Kees van Vloten via samba <samba at lists.samba.org> wrote:
> 
> > A local daemon will use /etc/nsswitch.conf to lookup UIDs and
> > Winbind can supply them.
> > 
> > In addition I make (domain) users member of these local groups:
> > 
> >
audio,video,dialout,cdrom,floppy,lpadmin,plugdev,bluetooth,netdev,pulse-access,users
> > 
> > Some users also want to be member of local-groups like: libvirt,
> > kvm, docker, vboxusers
> > 
> > You can do this with: usermod -a -G <group> <domain-user>,
this
> > mechanism works much better than pam_group (which does not work for
> > this purpose).
> 
> It worked for myself:
> 
> SAMDOM\rowland at rpidc1:~ $ groups
> domain users dialout cdrom floppy audio video plugdev scanner
> BUILTIN\administrators BUILTIN\users domain admins denied rodc
> password replication group rowland testgroup
> 
> It just didn't help with the problem
> > 
> > I do this when a domain-user logs in and the reverse when (s)he logs
> > off with a script triggered by pam-session, a copy is already in the
> > list archive somewhere.
> 
> Perhaps running a script when a usb drive is inserted might be the way
> forward, but I haven't given up on either udev or udisks2 being able
> to set the correct ownership
> 
After much searching on the internet, I have now given up on this, it
has nothing to do with Samba and everything to do with udev and udisks2.

When you insert a usb drive into a Linux computer, udev and udisks2
mount it on /media/USERNAME/USBDRIVENAME, it also mounts it as
root:root with the permissions set to drwxr-xr-x, so only root can
write to the drive, but everyone can traverse and read it.

From what I can see, this cannot be automatically changed and will not
be changed in code (he who is god, systemd wise, has spoken).

Provided the drive is using a Linux filesystem (ext2 etc) then you can
change the permissions with 'chown', but you would have to do this as
root, any other filesystem, then I think you are stuck with what you
are given.

Rowland