Group share for a Active Directory domain group with Samba

jacob — Wed, 06 May 2009 20:38:36 +0000

Once you have joined your samba server to your domain and have set up user authentication, creating a share that will allow a group of users to access files is pretty simple. We need to create a folder that is owned by the root user and the domain group. The samba share will inherit permissions from the parent folder. Here is an example for creating a folder for a domain group called “corporate_HR”. The domain is called “acme”. There is administrative support group called “admins”. Setting the folder’s permissions to “2771″ means that the owner (root) and the group (corporate_HR) have full access. The “2″ is a setgid bit. It will force all new files created under the HR folder to take the group parameter from it’s parent. We use the “force group” parameter to ensure that permissions are set properly when a member of the “ACME\admins” group accesses the files.

to set up the filesystem:

cd /home
mkdir HR
chgrp corporate_HR HR
chmod 2771 HR

set up the share:

[HR]
comment    =    share for corporate HR group
readonly    =   no
inherrit owner    =    yes
inherit permissions    =    yes
authorized users    =    @ACME\corporate_HR @ACME\admins
force group    =    ACME\corporate_HR

SurlyJake » share

Group share for a Active Directory domain group with Samba