Samba ignores Linux groups


larss
9 Nov 2005, 12:54:49
Hi!
I have this problem regarding Samba ignoring group permissions. I'll
explain the issue using a sample share called testcond. The shared cond0
directory is owned by apache.

[testcond]
path = /home/condivisioni/cond0
public = yes
writable = yes
printable = no
directory mask = 0755

I have my system set up with ACLs, and when a Windows user tries to get
into the share, everything goes well according to the applying ACLs,
i.e.

[root@spdemo condivisioni]# getfacl cond0
# file: cond0
# owner: apache
# group: apache
user::rwx
user:mrossi:rwx
group::---
mask::rwx
other::---

Here user mrossi can rwx on the share.

Now, if I add user mrossi to group testgroup, remove mrossi from the ACL
for cond0 and add group testgroup to the ACL with rwx permissions, such as:

[root@spdemo condivisioni]# getfacl cond0
# file: cond0
# owner: apache
# group: apache
user::rwx
group::---
group:testgroup:rwx
mask::rwx
other::---

mrossi can't do anything, either reading or writing the share.
Everything seems to be ok on the Linux side, the user being included in the
group and the ACL correctly set. If I "su mrossi" I can go into the
directory and touch files, so the filesystem knows how to handle my
secondary group testgroup. In contrast, Samba seems to ignore my
membership in the group.

Can somebody give me a hint?

TIA, larss

--
In God we trust. All others must bring data
Robert Hayden

Chris Barnes
9 Nov 2005, 13:05:35
larss <lars...@gmail.com> wrote:
> Hi!
> I have this problem regarding Samba ignoring groups permissions.

I hope someone answers this question - as I was just about to post the
exact same question....


--

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Chris Barnes AOL IM: CNBarnes
ch...@txbarnes.com Yahoo IM: chrisnbarnes

You always have freedom of choice, but you never have freedom of
consequence.


ma...@uunix.com
9 Nov 2005, 13:42:59
Not sure anyone answers anything here?

larss
10 Nov 2005, 07:13:40

ma...@uunix.com wrote:

> Not sure anyone answers anything here?

Ok guys, I found an extremely useful piece of evidence of what's happening.
We said that Samba doesn't care whether or not the user belongs to a
group. If he's listed in the ACLs he'll pass through, if not he won't.
This is not completely true: the issue is that Samba DOESN'T KNOW that
the user belongs to the group. Reloading Samba corrects the situation,
just because Samba RELOADS /etc/groups and maps users into groups
correctly.

Let me know if this hint helps
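
Added example, not part of the original posts: a shell function that evaluates the two ACLs posted above in the POSIX ACL access-check order (owner, named user, groups, other), given the list of groups a process actually holds. The primary group name `mrossi` and the helper names `acl_allows` and `check` are assumptions; the third case models a process whose group list predates the membership change, which is the situation larss describes.

```shell
# Added example: evaluate a POSIX ACL (getfacl text on stdin) for a user and
# the group list the PROCESS holds. Names are compared as text (simplification).
acl_allows() {   # acl_allows USER "GROUPS" WANT -> exit 0 if WANT is granted
  awk -v user="$1" -v groups="$2" -v want="$3" '
  function has(p,    i) {              # p contains every letter of want?
    for (i = 1; i <= length(want); i++)
      if (!index(p, substr(want, i, 1))) return 0
    return 1
  }
  function masked(p,    i, c, out) {   # named and group entries are capped by mask
    if (mask == "") return p
    for (i = 1; i <= 3; i++) { c = substr(p, i, 1); out = out ((c != "-" && index(mask, c)) ? c : "-") }
    return out
  }
  BEGIN { n = split(groups, g, " "); for (i = 1; i <= n; i++) held[g[i]] = 1 }
  /^# owner: / { owner = $3 }
  /^# group: / { ogroup = $3 }
  /^#/ || NF == 0 { next }
  { split($1, f, ":")
    if (f[1] == "mask") mask = f[3]
    else if (f[1] == "other") other = f[3]
    else if (f[1] == "user" && f[2] == "") uobj = f[3]
    else if (f[1] == "user") nuser[f[2]] = f[3]
    else if (f[2] == "") gobj = f[3]
    else ngroup[f[2]] = f[3] }
  END {
    if (user == owner) exit !has(uobj)
    if (user in nuser) exit !has(masked(nuser[user]))
    if (ogroup in held) { hit = 1; if (has(masked(gobj))) exit 0 }
    for (k in ngroup) if (k in held) { hit = 1; if (has(masked(ngroup[k]))) exit 0 }
    if (hit) exit 1                    # a group matched but none grants WANT
    exit !has(other)
  }'
}
# Constructed input: the two ACLs from the post, rebuilt line by line.
HDR=$(printf '# file: cond0\n# owner: apache\n# group: apache')
ACL_USER=$(printf '%s\n' "$HDR" user::rwx user:mrossi:rwx group::--- mask::rwx other::---)
ACL_GROUP=$(printf '%s\n' "$HDR" user::rwx group::--- group:testgroup:rwx mask::rwx other::---)
# check ACL "GROUPS" -> prints allowed/denied for mrossi requesting rwx
check() { if printf '%s\n' "$1" | acl_allows mrossi "$2" rwx; then echo allowed; else echo denied; fi; }
echo "named user entry:              $(check "$ACL_USER" "mrossi")"
echo "group entry, current groups:   $(check "$ACL_GROUP" "mrossi testgroup")"
echo "group entry, stale group list: $(check "$ACL_GROUP" "mrossi")"
```

On a live host, the group list to pass in is what `id -Gn mrossi` reports.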

Chris Barnes
10 Nov 2005, 10:20:43
larss <lars...@gmail.com> wrote:
> ma...@uunix.com wrote:
>
>> Not sure anyone answers anything here?
>
> Ok guys, I found an extremely useful piece of evidence of what's happening.
> We said that Samba doesn't care whether or not the user belongs to a
> group. If he's listed in the ACLs he'll pass through, if not he won't.
> This is not completely true: the issue is that Samba DOESN'T KNOW that
> the user belongs to the group. Reloading Samba corrects the situation,
> just because Samba RELOADS /etc/groups and maps users into groups
> correctly.
>
> Let me know if this hint helps

It didn't fix it in my case (the user has been a member of the group for
a very long time).

I should note that what I am doing IS slightly different. On the Linux
side, I have a soft link from the user's home directory to the shared
directory.
ln -s /home/shared/testgroup testshare

In the smb.conf I have:
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
force create mode = 0660
delete readonly = yes
map archive = no
case sensitive = yes
follow symlinks = yes

[testshared]
comment = Test Shared
browsable = no
path = /home/shared/testgroup
valid users = @test
writable = yes
force create mode = 0660
force directory mode = 0771
force group = test


IF the user maps to the "testshared" share, it works perfectly (i.e. uses
the group membership to give access). However, if they try to browse to
the testgroup "directory", it does not grant them access.

It shouldn't matter, but I have even changed the symlink 'file' to have
the user be the owner. Still no dice.
