samba security/winbind/ windows groups
 

Hi guys,
I thought this might be the appropriate forum to post in regarding an issue at my new job.

I was recently hired as a linux systems analyst at a state agency. This agency's datacenter is contracted out to a separate company so that they do all of the administrative work on the systems, which leaves me without any kind of admin access to the boxes.

Anyways, this agency has a development web server with tons of projects files and folders. This server also uses winbind for authentication and shares these files and folders through samba.

My issue is that I think files and folders should be owned by the people or groups working on them and not a service account with perms set to 777. Now, the samba side of things is locked down to a degree with access rights and such given to specific groups. That still doesn't account for the linux side of things.

Apparently multiple groups need to access these folders which kinda complicates things. I was thinking we could create groups that consist of those groups and then assign group ownership to that group. I've never tried creating groups of groups on the linux side and being that we're authenticating to windows AD, I'm not sure if putting windows groups in /etc/group would work ( probably not but I don't have the ability to experiment to be sure ).

My biggest complaint is seeing everything opened up (777) across the board.

What do you guys think?

Dear
using winbind windows ad groups can be managed by linux for file/directory permission. what i mean is that create groups on AD and assign permission to that groups for file/directory on linux using chmod command. ACL can also be applied of linux in you want manage your permission from windows ad server.

Thanks

www.sambaguru.blogspot.com