samba - Jan 2021 - confirm deletion - possible?

Am 26.01.21 um 18:01 schrieb Rowland penny via samba:
> On 26/01/2021 16:43, Stefan G. Weichinger via samba wrote:
>> But it isn't a Domain Member or DC ... that's why I assumed ...
>>
>> And I also forced group users (for years now ... I think that server 
>> started in the days of samba-3.x).
> 
> Sorry, this thread has been going on so long, I forgot that ?
I see ;-)
> This is one of the failings of a standalone server in a Windows domain, 
> the users on the standalone server are not domain users, even if they 
> have the same names. There is no way I personally would use a standalone 
> server (which is akin to using a Windows Home edition) in a domain.
I understand that but also think that it should be possible anyway to 
solve the given problem.
>>> If Windows is involved, I would remove a lot of lines from the
share
>>> and then set the permissions from Windows.
>>
>> I see and agree.
>>
>> So it seems like: switch over to Windows ACLs first, then apply new 
>> permissions, test vfs_recycle after that.
> 
> I would add 'join the domain' in amongst all that ?
No. Not wanted here.

Think "unsafe environment" here.

The server(s) should not be accessible by the IT of the "mother 
company", only to a small department of people in that company.

The small department doesn't trust the IT of the mother company.

On 26/01/2021 17:21, Stefan G. Weichinger via samba
wrote:
>
> I understand that but also think that it should be possible anyway to 
> solve the given problem.

Yes, it should be, you could use POSIX ACLS (setacl, getacl).
>
>
> No. Not wanted here.

OK

>
> Think "unsafe environment" here.
>
> The server(s) should not be accessible by the IT of the "mother 
> company", only to a small department of people in that company.
>
> The small department doesn't trust the IT of the mother company.
>
ROFL

That is terrible, they must have done something despicable.

Office politics, never understood them.

Rowland