How to give Active Directory Domain users group permission
by mfoley from LinuxQuestions.org on (#6N75R)
I have a file server that is an AD (Samba4) Domain member. It shares the following (smb.conf):
Code:[public]
path = /public
store dos attributes = no
hide dot files = yes
readonly = no
force group = ohprs
create mask = 0660
directory mask = 2770The "force group" lets all Windows users map this folder and create files and directories. They are created with their own user ID and the specified group (ohprs). That has worked well for some time, but now the Boss wants his own folder. No problem, I created a group for him and created a folder belonging to that group, 'mark':
Code::
drwxrwsr-x 24 ohprso ohprs 4096 2024-05-13 11:40 jane/
drwxrws---+ 2 HPRS\mark mark 4096 2024-05-28 00:14 mark/
drwxrws--x 4 ohprso ohprs 4096 2024-04-28 21:58 mfoleyOutlook/
:He can now add files to this folder from his Windows mapped drive:
Code:$ ls -l mark
total 8
-rwxrwx---+ 1 HPRS\mark ohprs 445 2024-05-28 00:14 testme.txt*(Not sure why it sets the x bit since the create mask 0660 does not, but not important for now.)
Two problems:
1. Files created in this directory are group ohprs, not mark-- probably because of the group mask, but I had hoped the S bit on the parent directory would serve to inherit the group name. Apparently not. Not a huge issue since other users don't have rwx permission to see or update these files. But, is there a way to have files in this directory inherit the 'mark' group?
2. Bigger issue - the Boss wants his admin. assistant to also be able to see and update files in his folder. Normally, one would do a 'usermod -a -G' to add the assistant to group 'mark'. But, these are Domain users and are not in /etc/passwd. So, how can I do this?
Code:[public]
path = /public
store dos attributes = no
hide dot files = yes
readonly = no
force group = ohprs
create mask = 0660
directory mask = 2770The "force group" lets all Windows users map this folder and create files and directories. They are created with their own user ID and the specified group (ohprs). That has worked well for some time, but now the Boss wants his own folder. No problem, I created a group for him and created a folder belonging to that group, 'mark':
Code::
drwxrwsr-x 24 ohprso ohprs 4096 2024-05-13 11:40 jane/
drwxrws---+ 2 HPRS\mark mark 4096 2024-05-28 00:14 mark/
drwxrws--x 4 ohprso ohprs 4096 2024-04-28 21:58 mfoleyOutlook/
:He can now add files to this folder from his Windows mapped drive:
Code:$ ls -l mark
total 8
-rwxrwx---+ 1 HPRS\mark ohprs 445 2024-05-28 00:14 testme.txt*(Not sure why it sets the x bit since the create mask 0660 does not, but not important for now.)
Two problems:
1. Files created in this directory are group ohprs, not mark-- probably because of the group mask, but I had hoped the S bit on the parent directory would serve to inherit the group name. Apparently not. Not a huge issue since other users don't have rwx permission to see or update these files. But, is there a way to have files in this directory inherit the 'mark' group?
2. Bigger issue - the Boss wants his admin. assistant to also be able to see and update files in his folder. Normally, one would do a 'usermod -a -G' to add the assistant to group 'mark'. But, these are Domain users and are not in /etc/passwd. So, how can I do this?