Score:0

Active Directory integration with Linux File System using Python

We have an Active Directory setup. We have a bunch of Linux servers where we create folders/directories and need to give permissions only to users in specific AD groups.

How do we create directories and assign read and write permissions on specific folders only to members of specific AD groups?

On Linux-based LDAP this is a breeze. However, when AD users access these folders via AD authentication, there seems to be no restriction.

Assigning folder permissions: is this possible via some command-line utility or Python library, so that only authenticated AD users who are accessing via a Windows Pro laptop or desktop have access that can be predefined?

Score:0

Set file permissions to meet the policy you require.

Configure Linux boxes to look up users and groups in the directory. So, NSS. sssd is sometimes used for this, but maybe just LDAP if you have a suitable schema.

Put the users into a group in AD DS. chown the directories to the desired group membership. Remember to remove access by others with chmod o-rwx. If simple file permissions do not work, consider more complex ACLs with setfacl.
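
The chown and chmod o-rwx steps from the answer above, as an added Python example that is not part of the original answer. The function names and the command-line arguments are hypothetical; the group name is resolved through NSS, so an AD group is found only once sssd or LDAP lookups are configured on the host.

```python
import grp
import os
import stat


def resolve_group(name):
    """Look the group up through NSS (grp), which is where sssd/LDAP plug in."""
    return grp.getgrnam(name).gr_gid  # KeyError if the host cannot see the group


def provision_group_dir(path, gid, mode=0o2770):
    """Create path, hand it to gid, and leave no access for 'other'.

    0o2770 = rwx for owner and group, nothing for other, plus setgid so
    files created inside inherit the directory's group.
    """
    os.makedirs(path, mode=0o700, exist_ok=True)  # closed until ownership is set
    os.chown(path, -1, gid)                       # -1 keeps the current owner
    os.chmod(path, mode)                          # explicit chmod ignores the umask
    return audit_group_dir(path, gid)


def audit_group_dir(path, gid):
    """Return a list of findings; an empty list means the policy holds."""
    st = os.stat(path)
    findings = []
    if not stat.S_ISDIR(st.st_mode):
        findings.append("not a directory")
    if st.st_gid != gid:
        findings.append(f"group is gid {st.st_gid}, expected {gid}")
    if st.st_mode & stat.S_IRWXO:
        findings.append("other has access (run chmod o-rwx)")
    if not st.st_mode & stat.S_ISGID:
        findings.append("setgid bit missing; new files may get the wrong group")
    return findings


if __name__ == "__main__":
    import sys
    # Usage (as root): script.py <directory> <ad-group-name>
    # Both arguments are placeholders, not values from the question.
    directory, group_name = sys.argv[1], sys.argv[2]
    print(provision_group_dir(directory, resolve_group(group_name)) or "ok")
```

Running audit_group_dir periodically over the shared directories catches a later chmod that reopens access to other.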
