Administrative access to all shared folders

GG_jr · November 1, 2016, 7:51am

Hello everybody!

I have a question regarding user’s folder and shared folder access when using NS as DC-AD/File Server.

There are two kind of folders that can be created using NS as DC-AD/File Server:

user’s folder which is created when a new user is added: user.name@domain.tld
shared folder which is created for sharing in the network: could be: user_name

The user’s folder is visible only for the user when is logged to the domain.

The shared folder is visible and accessible, let’s talk about this case, for anyone connected to the network (domain members and guests).

There is any possibility using NS as DC-AD/File Server, to view and access all user’s folders and all shared folders, as administrator, from File Explorer, like in Windows?

TIA,
Gabriel

davidep · November 2, 2016, 9:51am

It seems a nice feature! We should dig Samba docs!

BTW… why do you need it? About user home dirs: there could be some privacy issues!

GG_jr · November 2, 2016, 1:41pm

Even if you use NS as DC-AD/File server at home, you will want to protect your children by their “youth mistakes” and you will want to see what they do.

But, I always talk about NS as a professional product.
In a company network, there are no “private data”.
If you may have access to personal email, cloud, …, all those have nothing in common with company data.
All data in the network are property of the company.
The access to those data is hierarchically.
As system administrator, as the most trust person in the company, you need to have access to all, for different tasks.
In a small company, where the owner is also sys admin, he must have full access to all data.
In Windows, when you create a new folder, there are from start some “users” that have full permission to this folder (SYSTEM, Administrators) and others with limited permissions (Authenticated Users, Users).
Always, you can restrict or expand those permissions and/or add new “users” with proper permissions to this folder.

alefattorini · November 8, 2016, 3:45pm

It makes sense to me if I remind correctly in 6.8 admin had the right to access all shared folders

davidep · November 8, 2016, 4:00pm

Administrator is already the Unix owner of all shared folders.

Home directories is the point here: administrator should be mapped to root in some way to grant him homedirs access.

Is it a good idea?

GG_jr · November 8, 2016, 5:47pm

I still use Windows servers in some points of my network.
Some of these servers cannot be replaced with Linux Servers (NS Server) because of their specific functions.
But one of them, the PDC/AD/File server, can be replaced but only if it will do the same things as the Windows server. At least all regarding how to manage file and folders, user accounts, computers: rights, restrictions, policies.
I can live without Windows Printer server facilities.
I think there are many as me who came from Windows and want to use NS.
We are accustomed to the facilities offered by Windows AD.
A lot of these facilities can be offered by NS through Samba4 as AD, if are well implemented.
Yes, one of these facilities is the Administrator account as root.

Maybe I have used too much words for a simple YES but I wanted to point that I want to use NS as PDC/AD/File server at full capacities!

TIA,
Gabriel

davidep · November 10, 2016, 5:19pm

I did some experiments. If the “username map” option works we could define a (hidden) share that exposes /var/lib/nethserver/home to the administrator, so she can administer home dirs too

davidep · November 11, 2016, 9:59am

This is the share definition, it works with the “username map” workaround documented above

[home$]
path = /var/lib/nethserver/home
administrative share = yes
comment = Administrative home directories share
valid users = root
inherit owner = yes
browseable = no
writable = yes

GG_jr · November 11, 2016, 10:31am

Where i must put these?
In “smb.conf” as add, after [home], or in “user.map” after “root = NETH\administrator”?

davidep · November 11, 2016, 10:35am

That’s a good place!

GG_jr · November 11, 2016, 10:42am

After that, I should see in Windows Explorer all shared files and all home directories for all users that I’ve created?

davidep · November 11, 2016, 11:30am

Yes, connect to

\\YOURSERVER\home$

GG_jr · November 11, 2016, 11:53am

Ok, but I have two users (administrator and gabriel.gheorghiu) and I see only one home director, for the administrator.
( In RSAT - Computer Management I don’t see “administrator” and “gabriel.gheorghiu” folders in “Shares”)

davidep · November 11, 2016, 12:02pm

User’s homedir is created at the first login. Try to sftp as gabriel.gheorghiu!

GG_jr · November 11, 2016, 12:06pm

You’re right!
As usual!

There is still one step: RSAT

davidep · November 11, 2016, 12:09pm

What do you mean? I don’t get you

GG_jr · November 11, 2016, 12:17pm

I see in RSAT-Computer Management -> Shares only “shared folders” and no administrator and gabriel.gheorghiu “home folders” as before modifications.

davidep · November 11, 2016, 12:20pm

I see also home$

GG_jr · November 11, 2016, 12:33pm

I didn’t.
I will start from the beginning.
Maybe i did something wrong.

GG_jr · November 11, 2016, 12:45pm

I have restarted the server and the pc with win 7.
The same situation in RSAT.
You have tried RSAT from Win 10 or Win 7?