Linux ACLs and Samba
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
I have a debian stretch file server that is joined to an active directory domain. I have several samba shares set up on it. And am able to authenticate using domain accounts. But I want a samba share set up on it used for H drive mapping for AD users. In my AD server I can set a home folder to be on my linux file server. It creates the folders for all the users. But the permissions are too wide.
This is what I am currently doing:
[account_homes]
path = /account_homes
map acl inherit = yes
store dos attribtes = yes
drwxrwx---+ root "ADDomain Admins" /account_homes
setfacl -n -m g:"ADDomain Users":r-x /account_homes
But I am able to read and write to all the folders no matter what user I am. I assume I am setting my ACLs incorrectly. But the end result that I want is:
- Members of the Domain Admins group can create Home folder mappings in AD
- Members of the Domain Admins group can rwx to all home folders
- Only the user of the Home folder can rwx
debian samba acl active-directory
New contributor
add a comment |Â
up vote
0
down vote
favorite
I have a debian stretch file server that is joined to an active directory domain. I have several samba shares set up on it. And am able to authenticate using domain accounts. But I want a samba share set up on it used for H drive mapping for AD users. In my AD server I can set a home folder to be on my linux file server. It creates the folders for all the users. But the permissions are too wide.
This is what I am currently doing:
[account_homes]
path = /account_homes
map acl inherit = yes
store dos attribtes = yes
drwxrwx---+ root "ADDomain Admins" /account_homes
setfacl -n -m g:"ADDomain Users":r-x /account_homes
But I am able to read and write to all the folders no matter what user I am. I assume I am setting my ACLs incorrectly. But the end result that I want is:
- Members of the Domain Admins group can create Home folder mappings in AD
- Members of the Domain Admins group can rwx to all home folders
- Only the user of the Home folder can rwx
debian samba acl active-directory
New contributor
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I have a debian stretch file server that is joined to an active directory domain. I have several samba shares set up on it. And am able to authenticate using domain accounts. But I want a samba share set up on it used for H drive mapping for AD users. In my AD server I can set a home folder to be on my linux file server. It creates the folders for all the users. But the permissions are too wide.
This is what I am currently doing:
[account_homes]
path = /account_homes
map acl inherit = yes
store dos attribtes = yes
drwxrwx---+ root "ADDomain Admins" /account_homes
setfacl -n -m g:"ADDomain Users":r-x /account_homes
But I am able to read and write to all the folders no matter what user I am. I assume I am setting my ACLs incorrectly. But the end result that I want is:
- Members of the Domain Admins group can create Home folder mappings in AD
- Members of the Domain Admins group can rwx to all home folders
- Only the user of the Home folder can rwx
debian samba acl active-directory
New contributor
I have a debian stretch file server that is joined to an active directory domain. I have several samba shares set up on it. And am able to authenticate using domain accounts. But I want a samba share set up on it used for H drive mapping for AD users. In my AD server I can set a home folder to be on my linux file server. It creates the folders for all the users. But the permissions are too wide.
This is what I am currently doing:
[account_homes]
path = /account_homes
map acl inherit = yes
store dos attribtes = yes
drwxrwx---+ root "ADDomain Admins" /account_homes
setfacl -n -m g:"ADDomain Users":r-x /account_homes
But I am able to read and write to all the folders no matter what user I am. I assume I am setting my ACLs incorrectly. But the end result that I want is:
- Members of the Domain Admins group can create Home folder mappings in AD
- Members of the Domain Admins group can rwx to all home folders
- Only the user of the Home folder can rwx
debian samba acl active-directory
debian samba acl active-directory
New contributor
New contributor
New contributor
asked 2 mins ago
Sdude13
1
1
New contributor
New contributor
add a comment |Â
add a comment |Â
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Sdude13 is a new contributor. Be nice, and check out our Code of Conduct.
Sdude13 is a new contributor. Be nice, and check out our Code of Conduct.
Sdude13 is a new contributor. Be nice, and check out our Code of Conduct.
Sdude13 is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f476650%2flinux-acls-and-samba%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password