-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Christian Perrier wrote:
> Guys, I want to double check the patch to 3.0.24 > (thanks, Jerry, for it) but I need a test case... > Given that I have to coordinate that update > with Debian's security team, I better have > to be triple secured..:-) > > However, I still haven't understood what *exactly* > is the bug..:-) > > David, do you have a smb.conf excerpt which > I could use for testing this ? Christian, The issue that setting force group on a share was causing all additional supplementary gids to be dropped from the user's token. So setup a share that has force group = foo and then create a directory or file that the user should be able to access based on supplementary groups other than "foo". You can verify the fix by looking at the NT and UNIX user token debug output in smbd's level 10 debug logs. Sorry for all the hassle and the regression. Jeremy and I have both looked over the code and haven't seen any other code paths than would be problematic so I think this one patch is enough. cheers, jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGTucPIR7qMdg1EfYRAlWVAKDRiZSq/FfghaiUWznGJOpOVEZ2GQCgs4Hg sezgqgVmbsq2HnODTW9sNCE= =ybgQ -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]