Lin Pro
2017-Mar-10 17:41 UTC
[Samba] Standalone Samba in a Win2008 DC environment, transition to samba
Hi All,

It is unclear to me what group membership should \\server\users (or /srv/samba/users) get if it is planned to be in a standalone role... and using only POSIX ACLs. The relevant wiki instructions are stating:

"Create the directory and set the correct permissions:

# mkdir -p /srv/samba/users/
# chgrp -R "Domain Users" /srv/samba/users/
# chmod 2750 /srv/samba/users/"

But there is a hidden assumption in the above that it is AD DC - "Domain Users". Or maybe I should just create a linux group by that name or any other name and add all the future users to that group? In the back of my head I may consider converting this standalone srv into a Domain Member. Do you have any advice what to do in this case?

Besides:
groupadd "Domain Users" produces a warning - not a valid group name

Lin

best regards
linforpros
Rowland Penny
2017-Mar-10 18:05 UTC
[Samba] Standalone Samba in a Win2008 DC environment, transition to samba
On Fri, 10 Mar 2017 11:41:23 -0600 Lin Pro via samba <samba at lists.samba.org> wrote:

> Hi All,
> It is unclear to me what group membership should \\server\users (or
> /srv/samba/users) get if it is planned to be in a standalone role...
> and using only POSIX ACLs. The relevant wiki instructions are stating:
>
> "Create the directory and set the correct permissions:
>
> # mkdir -p /srv/samba/users/
> # chgrp -R "Domain Users" /srv/samba/users/
>
> # chmod 2750 /srv/samba/users/"
>
> But there is a hidden assumption in the above that it is AD DC -
> "Domain Users". Or maybe I should just create a linux group by that
> name or any other name and add all the future users to that group? In
> the back of my head I may consider converting this standalone srv into
> a Domain Member. Do you have any advice what to do in this case?
>
> Besides:
> groupadd "Domain Users" produces a warning - not a valid group name

It would, the hint is in the group name, a standalone computer is not part of a Domain.

What you seem to be setting up is a 'WORKGROUP' and, if you have more than about a dozen computers, you really do not want to do this. Your users and groups will need to exist on EVERY computer, your users will need to have the same password on every computer and if a user changes a password, it will need to be changed on every computer.

Rowland
Marc Muehlfeld
2017-Mar-10 18:49 UTC
[Samba] Standalone Samba in a Win2008 DC environment, transition to samba
On 10.03.2017 at 18:41, Lin Pro via samba wrote:

> It is unclear to me what group membership should \\server\users (or
> /srv/samba/users) get if it is planned to be in a standalone role...
> and using only POSIX ACLs. The relevant wiki instructions are stating:
>
> "Create the directory and set the correct permissions:
>
> # mkdir -p /srv/samba/users/
> # chgrp -R "Domain Users" /srv/samba/users/
>
> # chmod 2750 /srv/samba/users/"

I added some sentences to be clear about this:
https://wiki.samba.org/index.php/User_Home_Folders#Using_POSIX_ACLs

> Besides:
> groupadd "Domain Users" produces a warning - not a valid group name

The groupadd does not support spaces in the group name. Use underscores.

Anyway, in a non-domain environment, naming a group "Domain Users" seems to guarantee confusion some day. :-)

Regards,
Marc
Lin Pro
2017-Mar-10 20:54 UTC
[Samba] Standalone Samba in a Win2008 DC environment, transition to samba
> I added some sentences to be clear about this:
> https://wiki.samba.org/index.php/User_Home_Folders#Using_POSIX_ACLs

> Anyway, in a non-domain environment, naming a group "Domain Users" seems to
> guarantee confusion some day. :-)
>

Thanks for the clarification. The system now has "domain_users" group and users are added to that group. Additionally /srv/samba/users is owned by that group with chmod 2750.

What is the logic however that when a user "justin" creates a directory within its home dir /users/justin/testdir that dir receives drwxr-xr-x instead of what is stated in the smb.conf, and that is 0700, then it should become drwx------, correct?

Thanks for any directions to understand it

Below is what I see:

[root@fedora samba]# getfacl users
# file: users
# owner: root
# group: domain_users
# flags: -s-
user::rwx
group::r-x
other::---

[root@fedora samba]# getfacl users/justin/
# file: users/justin/
# owner: justin
# group: domain_users
# flags: -s-
user::rwx
group::---
other::---

[root@fedora samba]# getfacl users/justin/justinFolder/
# file: users/justin/justinFolder/
# owner: justin
# group: domain_users
# flags: -s-
user::rwx
group::r-x
other::r-x

[root@fedora samba]# ls -ld users/
drwxr-s---. 4 root domain_users 4096 Mar 10 19:45 users/
[root@fedora samba]# ls -ld users/justin/
drwx--S---. 3 justin domain_users 4096 Mar 10 19:12 users/justin/
[root@fedora samba]# ls -ld users/justin/justinFolder/
drwxr-sr-x. 2 justin domain_users 4096 Mar 10 19:12 users/justin/justinFolder/

best regards
linforpros
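
Added example (not part of the thread and not Samba's own code): how a 0700 setting in smb.conf can still yield drwxr-xr-x, following the smb.conf manual's description of "directory mask" (default 0755) and "force directory mode", together with an audit of the users tree for directories that grant group or other access. The function names, the 0777 starting mode, and the idea that the 0700 is a "force directory mode" are assumptions; the thread does not show the smb.conf.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Mode Samba gives a new directory, per the smb.conf manual:
#   (mode mapped from DOS attributes AND "directory mask") OR "force directory mode"
# $1 = mapped mode (assumed 0777 here), $2 = directory mask, $3 = force directory mode
samba_dir_mode() {
    printf '%o\n' "$(( ($1 & $2) | $3 ))"
}

# Print "MODE PATH" for each directory below $1 that grants any group or
# other permission bit. setgid (2000) is outside the 077 mask, so a private
# home like drwx--S--- is not reported. Needs GNU find and stat.
list_open_dirs() {
    find "$1" -mindepth 1 -type d -perm /077 -exec stat -c '%a %n' {} +
}

# Constructed tree carrying the modes shown in the listing in the post.
build_demo_tree() {
    demo=$(mktemp -d) || return 1
    mkdir -p "$demo/users/justin/justinFolder"
    chmod 2755 "$demo/users/justin/justinFolder"
    chmod 2700 "$demo/users/justin"
    chmod 2750 "$demo/users"
    printf '%s\n' "$demo/users"
}

demo_run() {
    # "force directory mode" only adds bits; the mask is what removes them.
    echo "mask 0755 (default), force 0700: $(samba_dir_mode 0777 0755 0700)"
    echo "mask 0700,           force 0700: $(samba_dir_mode 0777 0700 0700)"
    root=$(build_demo_tree) || return 1
    echo "directories open to group/other under $root:"
    list_open_dirs "$root"
    rm -rf "${root%/users}"
}

demo_run
```

On a real server, run list_open_dirs against /srv/samba/users; any home subdirectory it prints is readable by other members of the share's group or by everyone.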