Moving into AD integrated Samba and managing the shares using MMC. I just want
to ensure I have my thoughts correct. I set the SeDiskOperatorPrivilege along
with a functioning smb.conf and user.map.
So, I add the share:

[Data1]
    comment = Data1 Share
    path = /storage/Data/Data1
    read only = No

I do nothing else to the Linux side (CentOS 7) - i.e. no chmod or chown. Then
using MMC, I set the Share Permissions to Everyone full. Then under security, I
first remove the inherent permissions. Then add the Data1 AD Security Group =
Full. Then I remove the Everyone user.
Everything does work, however, I am a bit confused on the Windows Permissions
and the actual file ownership from the Linux side. The file/directory ownership
is set to the userid + Domain Users. So, I'm concluding that the MMC
Share/Permission stuff simply grants 'ACCESS' to the share. And the file
ownership is based on the actual AD userid. And since Domain Users is the
default group, we see that.
But I feel like I am missing something...
Vernon