Script to set the permissions of user shares in Samba
Windows setacl
- If the directories are named after the usernames and you want to set the permissions of the shares:
\\fileserver.example.com\users user1 user2 user3
- From Linux, set the Unix permissions:
for DIR in *; do echo "$DIR"; chown -R "EXAMPLE\\${DIR}:EXAMPLE\\Domain Users" "$DIR"; done
- Download SetACL.exe and use the following cmd script:
scriptname.cmd \\fileserver.example.com\users
- disables inheritance, discarding the inherited ACLs
- deletes all explicit ACLs
- resets all child objects
- sets the owner recursively
- sets Full Control for the user
- sets Full Control for Domain Admins
@echo off
SETLOCAL ENABLEDELAYEDEXPANSION
cls
REM The share root containing one directory per user is a required argument
if "%~1"=="" (
    echo Devi specificare un percorso!
    exit /b 1
)
set "targetPath=%~1"
for /D %%d in ("%targetPath%\*") do (
    echo PATH: "%%d"
    REM echo USER: "%%~nxd"
    REM The directory name is also the account name
    SET "DIR=%%~nxd"
    echo DIR=!DIR!
    echo Disable Inheritance ================================
    REM p_nc = protect the DACL and do not copy the inherited ACEs
    SetACL.exe -on "%targetPath%\!DIR!" ^
        -ot file ^
        -actn setprot -op "dacl:p_nc" ^
        -silent
    echo Clearing ===========================================
    SetACL.exe -on "%targetPath%\!DIR!" ^
        -ot file ^
        -actn clear -clr "dacl" -rec cont_obj ^
        -silent
    echo Resetting ==========================================
    SetACL.exe -on "%targetPath%\!DIR!" ^
        -ot file ^
        -actn rstchldrn -rst "dacl" -rec cont_obj ^
        -silent
    echo SetOwner ==========================================
    SetACL.exe -on "%targetPath%\!DIR!" ^
        -ot file ^
        -actn setowner -ownr "n:EXAMPLE\!DIR!" ^
        -rec cont_obj ^
        -silent
    echo Setting ============================================
    SetACL.exe -on "%targetPath%\!DIR!" ^
        -ot file -actn ace ^
        -ace "n:EXAMPLE\!DIR!;p:full" ^
        -rec cont_obj ^
        -silent
    SetACL.exe -on "%targetPath%\!DIR!" ^
        -ot file -actn ace ^
        -ace "n:EXAMPLE\Domain Admins;p:full" ^
        -rec cont_obj ^
        -silent
    pushd "%%d"
    popd
)
ENDLOCAL
- Check the ACLs with SetACL Studio
Linux samba-tool
DOES NOT WORK
If the directories are named after the usernames and you want to set the permissions of the shares, use:
#!/bin/bash
DOMAIN=EXAMPLE
REALM=ad.example.com
# Start with an empty error log
rm -f /tmp/errors.txt
touch /tmp/errors.txt
for DIR in *
do
    echo "$DIR"
    chown -R "${DOMAIN}\\${DIR}:${DOMAIN}\\Domain Users" "$DIR" > /dev/null 2>&1 || echo "$DIR" >> /tmp/errors.txt
    # wbinfo prints "<SID> <type>"; keep only the SID
    SID=$(wbinfo --name-to-sid "${DIR}@${REALM}" | cut -f 1 --delimiter=' ')
    samba-tool ntacl set "O:${SID}G:DUD:(A;;0x001f01ff;;;${SID})(A;;;;;DU)(A;;;;;WD)(A;OICIIO;0x001f01ff;;;CO)(A;OICIIO;0x001200a9;;;CG)(A;OICIIO;0x001200a9;;;WD)" "./${DIR}" > /dev/null 2>&1 || echo "$DIR" >> /tmp/errors.txt
done
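To review what the SDDL string passed to samba-tool ntacl set would grant, the following added example (not part of the original page) decodes it and lists the allow ACEs that give rights to Everyone or Domain Users. The SID is a constructed placeholder for the wbinfo output, and the function names and lookup tables are assumptions that cover only the tokens used in that string.

```python
import re

# SDDL trustee aliases, access masks and ACE flags that occur in the string above
TRUSTEES = {"DU": "Domain Users", "WD": "Everyone",
            "CO": "Creator Owner", "CG": "Creator Group"}
MASKS = {0x001F01FF: "Full Control", 0x001200A9: "Read & Execute", 0: "no rights"}
FLAGS = {"OI": "object inherit", "CI": "container inherit", "IO": "inherit only"}

def parse_sddl(sddl):
    """Split an O:/G:/D: SDDL string into owner, group and a list of DACL ACEs."""
    m = re.fullmatch(r"O:(.+?)G:(.+?)D:([A-Z]*)((?:\([^)]*\))*)", sddl)
    if not m:
        raise ValueError("not an O:/G:/D: SDDL string")
    owner, group, _dacl_flags, ace_blob = m.groups()
    aces = []
    for body in re.findall(r"\(([^)]*)\)", ace_blob):
        fields = body.split(";")
        if len(fields) != 6:
            raise ValueError(f"malformed ACE: ({body})")
        ace_type, flags, rights, _obj, _inh, trustee = fields
        if rights == "":
            mask = 0                      # ACE present but with an empty rights field
        elif rights.lower().startswith("0x"):
            mask = int(rights, 16)
        else:
            raise ValueError(f"symbolic rights not handled here: {rights}")
        aces.append({
            "type": ace_type,
            "flags": [FLAGS.get(flags[i:i + 2], flags[i:i + 2])
                      for i in range(0, len(flags), 2)],
            "mask": mask,
            "rights": MASKS.get(mask, hex(mask)),
            "trustee": TRUSTEES.get(trustee, trustee),
        })
    return {"owner": TRUSTEES.get(owner, owner),
            "group": TRUSTEES.get(group, group), "dacl": aces}

def broad_grants(parsed):
    """Allow ACEs with a non-zero mask whose trustee is Everyone or Domain Users."""
    return [a for a in parsed["dacl"] if a["type"] == "A" and a["mask"]
            and a["trustee"] in ("Everyone", "Domain Users")]

# Constructed SID standing in for the output of wbinfo --name-to-sid
SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"
SAMPLE = (f"O:{SID}G:DUD:(A;;0x001f01ff;;;{SID})(A;;;;;DU)(A;;;;;WD)"
          "(A;OICIIO;0x001f01ff;;;CO)(A;OICIIO;0x001200a9;;;CG)(A;OICIIO;0x001200a9;;;WD)")

if __name__ == "__main__":
    for ace in parse_sddl(SAMPLE)["dacl"]:
        print(f'{ace["trustee"]:<50} {ace["rights"]:<15} {", ".join(ace["flags"])}')
    print("broad grants:", [(a["trustee"], a["rights"]) for a in broad_grants(parse_sddl(SAMPLE))])
```

The last ACE in the string is the one reported: it is inherit-only, so it does not apply to the user's directory itself but is inherited by the files and subdirectories created under it, unlike the SetACL script, which grants access only to the user and Domain Admins.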