I'm trying to get a better understanding of how to think about Users and Groups in Zentyal. I must admit that my partial understanding leaves me confused.
On one hand, you have the fact that Zentyal is based on Linux, where (without Zentyal) Linux has its own way of handling Users, Groups and Permissions.
With Zentyal, in order to be able to provide a join-able domain for Windows servers and workstations, it provides LDAP Users and Groups, which seem to be a different level of controlling permissions for files and folders. But at a lower level, there still exist the Linux users, groups and permissions (underneath), but when is it important to be aware of this fact?
When you first install Zentyal, it requires you to create a user during installation. After the install, you can use that user to log in to the web interface for administering Zentyal. This user seems to only be a Linux user account. As a matter of fact, if you go look for this user in Zentyal's Web Interface, under Users and Groups > Users, you will not see an LDAP User for the user you created during installation. Yet, if you try to create an LDAP user with the same name (as the user you created during installation) you will get a Zentyal error saying that /home/user already exists. So, the Linux user already exists and that username cannot be an LDAP username too. Therefore, the user you create during installation is a Linux user that cannot be an LDAP user.
It is pretty clear to me that while I'm logged into a Windows server or workstation (belonging to a Zentyal domain), I'm an LDAP user. But, by default, every LDAP user gets a 500 MB quota H-drive mounted to his Windows machine upon logging in. And, if you look on Zentyal's Linux file system, you will see that there is a /home/user folder for each LDAP user that has been created, and this is the source of that mounted H-drive.
So, on one hand, the user created during installation cannot be an LDAP user, but on the other hand it seems that each LDAP user is also a Linux user, judging from the fact that each LDAP user has had a folder created in the /home/user location (the same location where a Linux user would have a user folder). However, on the other hand, these users are probably NOT actual Linux users too, due to this:
sudo nano /etc/passwd
LDAP users are not listed in /etc/passwd, like Christian has explained. So I guess this means, at the Linux level, these are not Linux users, even though their user folders are kept (by LDAP I assume) in the same location that a Linux user's user-folder would be placed. Is this placement a good thing, or something to cause confusion? I guess if LDAP users can be escalated to Linux users, it makes sense for all their files to already be in the correct place before that escalation. I'd be curious to know the developer's actual reasoning.
Additionally, consider shares in Zentyal under File Sharing > shares. Here you can control permissions by adding "Access Controls". Are these "Access Controls" LDAP-level file permissions, Linux-level file permissions, or both?
And lastly, let's return to Russle's issue. He wants to change permissions recursively on all the files and folders in his Zentyal share folder. The web interface does not explicitly provide the ability to recursively propagate permissions (under File Sharing > shares > Access Controls) to files and folders. Is this an oversight? Or is it absolutely unnecessary to provide a recursive propagation feature due to the fact that all files and folders in a Zentyal share inherit the permissions of their share folder?
I know how to recursively propagate permissions in Linux and in NTFS, but this probably doesn't apply here because I think we are talking about a higher-level LDAP permission-level.
I hope that sharing my own confusion helps Russle, and I'll appreciate comments that will disabuse me of my own misconceptions. In the meantime, I'm going to go read this again (more thoroughly):
http://doc.zentyal.org/en/directory.html