-   Linux - Server (
-   -   samba roaming profiles directory owner and permissions (

checkmate3001 07-21-2008 02:05 AM

samba roaming profiles directory owner and permissions
Hello all!

I'm having a problem with my profiles share that is related to permissions.
Windows can't store any profiles to it because access is not granted.

My profiles share is (2775):
drwxrwsr-x 3 root users 4096 2008-07-20 23:42 profiles

I can set my profiles share to 777 (full permission for everyone) but I don't want that.

I believe it should be set to 775 ( doc says 2775 ... sticky bit?).

So what is the issue? Is it ownership? Is it groups?

When I set the permissions of the profiles directory to 777 the created files and directories are owned by <username> and group <username>.

Any pointers?

Disillusionist 07-22-2008 02:54 PM

This is setting the SGID not the sticky bit.

Permissions of 2775 should work (as per the Samba documentation)

As this isn't working you could use 2777, this would set a group of "users", but follow the umask settings that the user has (typically 0022 which creates files of -rw-r--r-- and directories of drwxr-xr-x)

checkmate3001 07-26-2008 03:00 PM

Thank you
Thank you for clearing that up a little bit.

I think it was actually a Windows problem. I wasn't rebooting windows - just logging out and logging back in. So it wasn't refreshing the permissions? That's my only guess.

After rebooting it seemed to work fine. I think I might not use Profiles in the long run just to speed up logging in and in the final application the users don't change computers at all. So there is really no benefit.

I do wonder, however, it there a way to make it so only certain users (ie: Administrator) uses roaming profiles, but everyone else doesn't? I kind of doubt it - but that would be a nice feature. I could only allow the Admin permission to use the directory, but then windows would complain about not being able to find a roaming profile... using local one instead... blah... blah...

Thanks again!

Disillusionist 07-27-2008 02:36 AM

How were you setting roaming profiles?

Options are:
  1. the Users and Computers snapin for each user
  2. using group policy

Normally in Active Directory, you would have a seperate container for Administrative Accounts. I typically advise not setting group policy on the default "Administrators" container as this might cause problems that you haven't considered.

Assuming (always dangerous) that there aren't losts of Administrative Accounts, you could:
  1. open the properties of each administrator via the Users and Computers mmc snapin
  2. open the Profile tab
  3. Enter \\server\share\%USERNAME%
The variable %USERNAME% will expand to the user account, this saves typing as you can highlight, copy, and paste into all the relevant areas.

If you use either Citrix or Remote Desktop (RDC) then I would suggest you set a seperate area to store Terminal Service Profiles.

Hope this helps.

hilljockey 08-14-2008 06:22 AM


I've upgraded our SME server from 7.2 to 7.3 while logged on via my roaming profile.

Next logon the profile was not found. Further investigation showed it still to be there in /home/e-smith/files/samba/profiles/ but the ownership and group had both changed to rpminstall.

I cannot change ownership back to myself with chown even though logged on as root.

How do I fix this? (my Linux knowledge is limited, sorry).

All times are GMT -5. The time now is 03:05 PM.