Peter Milesson
2016-Sep-12 10:21 UTC
[Samba] Samba PDC, permissions on user profile folders too wide
Hi folks, I have got a Samba PDC with roaming profiles: CentOS 7 x64, build 1511 The server is set up with roaming profiles according to the current Samba Wiki. Roaming works, but the permissions in the profiles are too wide, giving access not only to the user in every profile, but also to the group (770). For example, if I log in under Windows, add a file (or folder) on my desktop, and log off, the file (folder) will be in my profile with permissions 770. The same from Windows XP and up to Windows 10. This poses an immediate problem. Any user belonging to the same group as the Samba user, with ssh access to the server, can do anything they like with the files in any profile belonging to the same group. I've previously through the years set up a bunch of Samba PDC servers with Samba 3. There, the problem never occurred, the effective file permissions always 600 (700 for directories) in the profiles. My Profiles definition: [Profiles] guest ok = yes browseable = no writeable = yes create mask = 0600 directory mask = 0700 path = /var/lib/samba/profiles store dos attributes = yes profile acls = yes csc policy = disable I would be grateful for any information how to solve this. Best regards, Peter
Maybe Matching Threads
- Samba4 roaming profiles & ownership of profile.V2 folders [RESOLVED]
- Odd Roaming Profile behaviour from a Samba PDC
- Samba4 roaming profiles & ownership of profile.V2 folders [RESOLVED]
- Samba4 roaming profiles & ownership of profile.V2 folders [RESOLVED]
- Re-2: SOLVED - idmap_rid / roaming profile permissions /NTAUTHORITY\SYSTEM