How to configure a Samba share so that folders created by Windows users are accessible (read and write permissions) to other users

Solution Unverified - Updated -

Environment

  • Red Hat Enterprise Linux 4
  • Red Hat Enterprise Linux 5
  • samba-3.0.33-3.28.el5.x86_64
  • Samba is configured with security = ads, authenticating to Windows AD
  • Microsoft Windows Active Directory

Issue

  • How to configure a Samba share so that folders created on it by Windows users are accessible (read and write permissions) to other users.

Resolution

Since all users are members of "Domain Users" by default, we can create a default access control list (ACL) for "Domain Users" so that any file created by users who are members of "Domain Users" will have rwx permissions.

  1. Run the setfacl command to set up the default ACL for "Domain Users" on the share directory in which users will create directories and files.

    Example:
    $ setfacl -d -m g:"PNQ\domain users":rwx /abc

Add -R to the command above if you want the default permissions to be applied to the files and folders that already exist in /abc.

  2. After that, configure smb.conf to inherit permissions and to inherit ACLs.

    Example:

    [global]
            workgroup = PNQ
            realm = GSSLAB.PNQ.REDHAT.COM
            server string = Samba Server Version %v
            security = ADS
            password server = 10.65.208.43
            passdb backend = tdbsam
            log file = /var/log/samba/log.%m
            max log size = 50
            idmap uid = 16777216-33554431
            idmap gid = 16777216-33554431
            template shell = /bin/bash
            # New files and directories take their mode and ACLs from the parent directory
            inherit permissions = Yes
            inherit acls = Yes
            cups options = raw

    [homes]
            comment = Home Directories
            read only = No
            browseable = No

    [printers]
            comment = All Printers
            path = /var/spool/samba
            printable = Yes
            browseable = No

    [public]
            comment = Public Stuff
            path = /abc
            read only = No
            guest ok = Yes
            browseable = yes

  3. Restart the smb service.

    $ service smb restart
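
A check for the smb.conf step, added here as an example and not part of the original article: it parses smb.conf text and reports, per share, whether inherit permissions and inherit acls are in effect once [global] values and share-level overrides are combined. The [scratch] share, the function names and the sample text are assumptions constructed for the illustration.

```python
import configparser

# Constructed sample: the article's inheritance settings and [public] share,
# plus a hypothetical [scratch] share that overrides the global value.
SAMPLE_SMB_CONF = """
[global]
        inherit permissions = Yes
        inherit acls = Yes
[public]
        path = /abc
        read only = No
        guest ok = Yes
[scratch]
        path = /srv/scratch
        writeable = yes
        Inherit ACLs = No
"""

def _norm(name):
    # smb.conf parameter names ignore case and embedded whitespace.
    return "".join(name.split()).lower()

def _flag(params, name, default):
    value = params.get(_norm(name))
    return default if value is None else value.strip().lower() in ("yes", "true", "1")

def audit_shares(text):
    """Return the effective settings of every share (global values inherited)."""
    parser = configparser.RawConfigParser(strict=False, delimiters=("=",))
    parser.optionxform = _norm
    # Strip indentation so configparser does not treat lines as continuations.
    parser.read_string("\n".join(line.strip() for line in text.splitlines()))
    shares = {name.lower(): dict(parser[name]) for name in parser.sections()}
    global_params = shares.pop("global", {})
    report = {}
    for name, own in shares.items():
        params = {**global_params, **own}  # a share-level value wins
        report[name] = {
            "inherit permissions": _flag(params, "inherit permissions", False),
            "inherit acls": _flag(params, "inherit acls", False),
            # "writeable" is an inverted synonym of "read only".
            "writable": _flag(params, "writeable", not _flag(params, "read only", True)),
            "guest ok": _flag(params, "guest ok", False),
        }
    return report

def missing_inheritance(text):
    """Writable shares lacking either inheritance setting the article enables."""
    return sorted(name for name, r in audit_shares(text).items()
                  if r["writable"] and not (r["inherit permissions"] and r["inherit acls"]))
```

The report also carries each share's guest ok value, so a share that is both writable and open to guests, like [public] above, can be reviewed alongside the inheritance settings.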
    
