samba - Dec 2020 - rights -- structures

root at srvcar005:/shares/Userhome# cat /etc/passwd | grep smbadmin
root at srvcar005:/shares/Userhome# cat /etc/group | grep smbadmin
root at srvcar005:/shares/Userhome#

local don't exist, this are only a AD Member....

Please how I can do, the permission so that only Maurizio can Access to
Folder Maurizio
Please how I can do, the permission so that only Lukas can Access to Folder
Lukas

And not that everyone can open ever folder

I try also
# setfacl -m u:mauriziocaloro:rwx "Maurizio Caloro"/
# setfacl -m u:lukaschristen:rwx "Lukas Christen"/


But i can still browse both folder.....
Mauri


-----Urspr?ngliche Nachricht-----
Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Rowland penny
via
samba
Gesendet: Montag, 14. Dezember 2020 15:09
An: sambalist <samba at lists.samba.org>
Betreff: Re: [Samba] rights -- structures

On 14/12/2020 13:51, Maurizio Caloro wrote:
> Rowland
>
> root at srvcar005:/shares/Userhome# ls -la
> drwxr-s--- 4 smbadmin domain users 4096 Dec 14 08:29  .
Here 'smbadmin' is a user
> drwxr-xr-x 3 root		root         4096 Dec 14 08:28  ..
> drwxr-xr-x 2 lukaschristen	smbadmin     4096 Dec 14 14:12 'Lukas
> Christen'
Yet here 'smbadmin' is a group

How is this possible ?

Unless 'smbadmin' is a local Unix user and group ?

Where does 'smbadmin' exist ? in /etc/passwd, /etc/group and AD ?

Rowland



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

On 14/12/2020 14:22, Maurizio Caloro wrote:
> root at srvcar005:/shares/Userhome# cat /etc/passwd | grep smbadmin
> root at srvcar005:/shares/Userhome# cat /etc/group | grep smbadmin
So 'smbadmin' isn't a local Unix user or group, so where did you
create
it and how. Normally a group can only be a user on a Samba AD DC, this 
should never happen on a Unix domain member (what you are calling a 
fileserver)
> local don't exist, this are only a AD Member....
>
> Please how I can do, the permission so that only Maurizio can Access to
> Folder Maurizio
> Please how I can do, the permission so that only Lukas can Access to Folder
> Lukas
>
> And not that everyone can open ever folder
You need to use (at a minimum) 0700 permissions, though it would 
probably be better to set the permissions from a Windows
machine.
>
> I try also
> # setfacl -m u:mauriziocaloro:rwx "Maurizio Caloro"/
> # setfacl -m u:lukaschristen:rwx "Lukas Christen"/
That is unlikely to work on its own.

Rowland