Luke Jaeger
Dabbler
- Joined
- Mar 16, 2016
- Messages
- 43
I have FreeNAS 9.3 serving Samba shares, with AD authentication.
when users log in for the first time, their home directory is created with "domain users" as the group, and POSIX permissions = 755. This a server where students upload completed assignments, so we definitely don't want o+rx enabled!
"domain users" is an AD group which contains all students.
I would rather have a different group show up as the default and set permissions to 770. Or, if not possible to change the default group, keep "domain users" but set default permissions on homes to 700.
There's a script that runs several times a day to fine-tune the permissions, but the way it is right now, between the time someUser first logs in and the next time the permissions script runs, other users can see into someUser's home directory.
I tried changing the umask in /usr/share/skel/dot.cshrc but that didn't make a difference.
when users log in for the first time, their home directory is created with "domain users" as the group, and POSIX permissions = 755. This a server where students upload completed assignments, so we definitely don't want o+rx enabled!
"domain users" is an AD group which contains all students.
I would rather have a different group show up as the default and set permissions to 770. Or, if not possible to change the default group, keep "domain users" but set default permissions on homes to 700.
There's a script that runs several times a day to fine-tune the permissions, but the way it is right now, between the time someUser first logs in and the next time the permissions script runs, other users can see into someUser's home directory.
I tried changing the umask in /usr/share/skel/dot.cshrc but that didn't make a difference.