Hello,
We are running Samba 3.0.4 in ADS mode with winbind. We use roaming profiles, stored in the [homes] share for each user in a directory called .ntprofile. This same home directory is used for their UNIX account. For some reason, when windows creates the roaming profile directory (.ntprofile) it gets created with permissions 771. This is bad, because all of our users are members of the group 'users'. This means our users, when logged into any UNIX machine, can poke at and modify the contents of each others profiles.
We thought we had taken care of this with the 'directory mask' parameter. Indeed, if a user creates a new folder in their home directory from a windows machine, it gets the proper 711 permissions. However, for some reason, when windows creates the profile, it gets 771 permissions.
Here is our [homes] directive:
[homes]
path = /export/home/%U
read only = no
browseable = no
create mask = 0711
directory mask = 0711
valid users = %U
profile acls = yes
hide files = /DESKTOP.INI/desktop.ini/Desktop.ini
dos filemode = yes
force security mode = 0200Is there some way to make sure that when windows creates the profile, it gets 711 permissions instead of 771?
Thanks,
Joe
-- Joe Mesterhazy ECpE UNIX Administrator 2101 Coover Hall, Iowa State University Ames, IA 50011. (515) 294-7359 http://www.mesterhazy.net/
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
