I haven't seen a clear explanation of how to change folder/file permissions on the server side when using Linux as an Active Directory Domain Controller (ADDC), but I have problems with permissions all the time.
My system now runs Debian Jessie, with the home folder mounted with acl and xattr on a separate partition (RAID 5). My Samba is compiled; it is not the one that is available in the repositories. But I have another server that uses the repository packages and has the same problems.
Sometimes, using RSAT, my administrative user can't change the share, add users or groups, or change a share's permissions because, out of nowhere, even the Administrators do not have permission to change it.
In my network I create the shares with the same names as the groups. Then, using RSAT, I add the group to the share, and when a user needs access to it I just add him/her to the group. I define, for example, the share name "the_stuff" with the group name "the_stuff" and add the users to the group. The group the_stuff in this case has RW permissions to the share.
Microsoft Office files are very problematic. Each time someone changes and saves a file, its owner is changed too, making the file read-only for the others in the same group (that's a known Office issue even on Windows Servers). But we're having problems with Corel files and even folders.
smb.conf:
[the_stuff]
path = /home/shares/the_stuff
read only = No
What are the right Unix permissions and methods to prepare a share to be used on AD?