Hi team, here's a new case.
Problem
The domanen-Benutzer user group does not exist in the permission users of parent directories 10 to 7 in the CIFS share, but the permission users of subdirectories otten exist in the user group.
Fault Symptom
In the CIFS share, a user group is added to the subdirectory permission on the Windows client.
The customer reports that the user group is not added to the subdirectory, and the user group does not exist in the parent directory.
Cause
When a user group is added to the Creator group, the Windows system automatically adds the primary group to which the user belongs to. Even if the primary group is deleted from the parent directory, the primary group is automatically added to the subdirectory when the creator group permission is inherited to the subdirectory.
Location Method
1. Check the permission settings of the otten subdirectory. It is found that the permission of the domanen-Benutzer user group inherits from the parent directory, that is, 10 to 7.
2. The user group domanen-Benutzer does not exist in the permission users of the parent directories 10 to 7. However, the packet capture analysis shows that the user group exists in the directory.
3. The Creator group is a built-in Windows user group.
It represents the primary group of the user who creates the directory.
The permission of the Creator group indicates the permission of other members in the primary group to access the directory.
When the creator group user group is added, the system automatically adds the main group to which the user belongs, that is, the domanen-Benutzer user group.
4. When the subdirectory otten inherits the permissions of the parent directory 10-7, the subdirectory otten has the creator group user group and the main group domanen-Benutzer to which the user belongs. Parent directories 10 to 7 do not have the primary group permission because the customer manually deletes the primary group.
The creator group permission is still inherited to the subdirectories. Therefore, the subdirectories have the creator group user group and domanen-Benutzer.
Solution
1. If the user does not need the permission of the creator group user group, you are advised to delete the user group from the parent directory. In this way, the creator groups and the primary groups to which the user belongs in all subdirectories will also be deleted.
2. If the customer needs to use the rights of the creator group user group, you do not need to modify the rights. The main group does not affect the use of any rights. This is a normal phenomenon in Windows.
Post-Recovery Check
After the creator group user group is deleted from the parent directory, check whether the information about the primary user group to which the user belongs exists in the subdirectory permission.
