Matthew Richardson
2022-Aug-18 11:13 UTC
[Samba] unix_primary_group not used when writing files
>> I could explicitly set 'mandatory' ACLs on the homedir and have these
>> propagate, but that feels like a workaround for something that the
>> docs imply shouldn't be needed?
>
> Where does it imply that? Tell me and I will change it.

I was just meaning that since the samba docs don't mention things like facls, setgid bits etc, this implies that the primary_unix_group setting should 'just work' to set group ownership, and I shouldn't need to do anything else 'special'. So yes, no doc changes needed!

> Your problem is possibly being caused by the share being connected by a
> member of the g_alice group (yes, I know there is only one user) and
> the group doesn't have write access.

I've changed the permissions to be 775 on /home/alice (with group still g_alice) but it still creates files group owned 'domain user'.

Thanks,

Matthew
I did a small test.

What the default is:

id username
uid=10002(username) gid=10000(domain users) groups=10000(domain users)

So I changed my "primary group name/GID" in ADUC:

id username
uid=10002(username) gid=10034(marketing-sales) groups=10034(marketing-sales)

Touched a file in /tmp and... domain users.

I reverted the change, tested to be sure: same. Now I changed gidNumber, and same.

So now it looks like it's a bug. (Tested on 4.16.2.)

I do know this did work. Rowland, can you verify it?

Greetz,

Louis
Rowland Penny
2022-Aug-18 11:53 UTC
[Samba] unix_primary_group not used when writing files
On Thu, 2022-08-18 at 12:13 +0100, Matthew Richardson via samba wrote:
> > > I could explicitly set 'mandatory' ACLs on the homedir and have
> > > these propagate, but that feels like a workaround for something
> > > that the docs imply shouldn't be needed?
> >
> > Where does it imply that? Tell me and I will change it.
>
> I was just meaning that since the samba docs don't mention things like
> facls, setgid bits etc, this implies that the primary_unix_group setting
> should 'just work' to set group ownership, and I shouldn't need to do
> anything else 'special'. So yes, no doc changes needed!

If you are connecting from Windows, you really should be setting the permissions from Windows.

> > Your problem is possibly being caused by the share being connected
> > by a member of the g_alice group (yes, I know there is only one user)
> > and the group doesn't have write access.
>
> I've changed the permissions to be 775 on /home/alice (with group still
> g_alice) but it still creates files group owned 'domain user'.

It looks like inheritance may be causing this.

Can you run these commands:

ls -lad /home
getfacl /home
sudo samba-tool ntacl get /home --as-sddl

Rowland
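
The local check this thread keeps returning to (does a newly created file take the user's primary group, or does a setgid directory override it?), as an added example that is not part of any poster's message. It assumes GNU coreutils `stat` on the Samba host, the function names are hypothetical, and it only exercises local POSIX behaviour, not what smbd does for an SMB client.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat; function names are
# hypothetical. Run as the affected user: ./grpcheck.sh /home/alice

# Print the numeric gid given to a file newly created in directory $1.
new_file_gid() {
    probe=$(mktemp "$1/.grpcheck.XXXXXX") || return 1
    stat -c %g "$probe"
    rm -f "$probe"
}

# Classify where the new file's group came from:
#   setgid-dir   directory has the setgid bit and the file took the directory's group
#   primary-gid  file took the caller's effective gid. Note that `id -g` with no
#                user name reports the running process, while `id username`
#                looks the user up in the name service.
#   other        neither matched
explain_group() {
    dir=$1
    got=$(new_file_gid "$dir") || return 1
    dir_gid=$(stat -c %g "$dir")
    if [ -g "$dir" ] && [ "$got" = "$dir_gid" ]; then
        echo "setgid-dir"
    elif [ "$got" = "$(id -g)" ]; then
        echo "primary-gid"
    else
        echo "other"
    fi
}

# Only report when a directory argument is given, so the file can also be sourced.
if [ -n "${1:-}" ]; then
    echo "id -g:         $(id -g)"
    echo "directory gid: $(stat -c %g "$1") (setgid: $([ -g "$1" ] && echo yes || echo no))"
    echo "new file gid:  $(new_file_gid "$1")"
    echo "group source:  $(explain_group "$1")"
fi
```
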