Rowland Penny
2024-Oct-10 19:14 UTC
[Samba] Question regarding 'username map' & 'min domain uid'
On Thu, 10 Oct 2024 18:46:04 +0000 bd730c5053df9efb <bd730c5053df9efb at proton.me> wrote:> > Hi Rowland! > > Thank you for your reply but wouldn't operations like the one > described in > https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs#Setting_Share_Permissions_and_ACLs > fail if the uid of the user that is performing said operations does > not map to uid = 0? >No, but you have to set Domain Admins as the group on the shares directory, give Domain Admins the SeDiskOperatorPrivilege privilege and you should be able to set/change permissions from Windows. Rowland
bd730c5053df9efb
2024-Oct-10 19:19 UTC
[Samba] Question regarding 'username map' & 'min domain uid'
On Thursday, October 10th, 2024 at 16:14, Rowland Penny via samba <samba at lists.samba.org> wrote:> On Thu, 10 Oct 2024 18:46:04 +0000 > bd730c5053df9efb bd730c5053df9efb at proton.me wrote: > > > Hi Rowland! > > > > Thank you for your reply but wouldn't operations like the one > > described in > > https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs#Setting_Share_Permissions_and_ACLs > > fail if the uid of the user that is performing said operations does > > not map to uid = 0? > > > No, but you have to set Domain Admins as the group on the shares > directory, give Domain Admins the SeDiskOperatorPrivilege privilege and > you should be able to set/change permissions from Windows. > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/sambaGreat! Thanks again! Best regards, Dave.
Marco Gaiarin
2024-Oct-11 11:18 UTC
[Samba] Question regarding 'username map' & 'min domain uid'
Mandi! Rowland Penny via samba In chel di` si favelave...> No, but you have to set Domain Admins as the group on the shares > directory, give Domain Admins the SeDiskOperatorPrivilege privilege and > you should be able to set/change permissions from Windows....if you use 'windows ACL'; if you use plain permissions (UGO) or POSIX ACL i think you still need 'uid=0' to manage permission on non-owned folders. So, i suppose some sort of 'Administrator' mapping is still needed... --