[Samba] samba ignores supplementary groups for acl
Hi, I'm running samba 3.4.5 on Centos (x86_64). The filesystem is ext3 with acl support. winbind works fine. Please see below. when I am logged in using ssh, I can list the files in a folder (/var/Share) for which the group staff has r-x permissions. The problem is I can't list the folder through samba: $ ssh cyberlab+k...@cladms003 Password: Linux cladms003 2.6.8-2-sparc64 #1 Wed Mar 23 04:23:37 EST 2005 sparc64 GNU/Linux Last login: Thu Jul 28 10:13:46 2005 from 172.18.17.237 cyberlab+k...@cladms003:~$ getfacl /var/Share/ getfacl: Removing leading '/' from absolute path names # file: var/Share # owner: root # group: root user::rwx group::r-x group:staff:r-x mask::r-x other::--- default:user::rwx default:group::r-x default:group:staff:r-x default:mask::r-x default:other::--- cyberlab+k...@cladms003:~$ id uid=1(CYBERLAB+kent) gid=1(CYBERLAB+domain users) groups=50(staff),1 (CYBERLAB+domain users),10001(CYBERLAB+staffs) cyberlab+k...@cladms003:~$ ls -l /var/Share/ total 24 drwxr-x---+ 16 root root 4096 2005-07-25 18:14 Applications drwxr-x---+ 11 root root 4096 2005-07-25 21:30 Data drwxr-x---+ 63 root root 4096 2005-07-26 17:37 Packages In a DOS prompt on a Windows 2000 client: C:\net use f: \\cladms003\Share command completed successfully C:\dir f: access denied I believe this problem only happens when used with winbind (a domain user whose is in a linux group). If I set security to user and access the share as linux user kent who is in the staff group (but not primary group), then it will work. Thanks for any info! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba ignores supplementary groups for acl
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kent Tong wrote: | [EMAIL PROTECTED]:~$ getfacl /var/Share/ | getfacl: Removing leading '/' from absolute path names | # file: var/Share | # owner: root | # group: root | user::rwx | group::r-x | group:staff:r-x | mask::r-x | other::--- | default:user::rwx | default:group::r-x | default:group:staff:r-x | default:mask::r-x | default:other::--- | | [EMAIL PROTECTED]:~$ id | uid=1(CYBERLAB+kent) gid=1(CYBERLAB+domain users) | groups=50(staff),1 (CYBERLAB+domain users), | 10001(CYBERLAB+staffs) | I believe this problem only happens when used with | winbind (a domain user whose is in a linux group). If I | set security to user and access the share as linux user | kent who is in the staff group (but not primary group), | then it will work. This is actually by design. smbd only uses the Windows group when setting the group list for a domain user. So you cannot mix winbind and unix groups. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC6qjjIR7qMdg1EfYRAgbPAKCOkMi/VFbQ1Wwn+1Ijk8AdMXqS5wCfQxdy 9Ck0NkIQpGlq/U8mypf3dco= =Z7yc -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba ignores supplementary groups for acl
Hi, I'm running samba 3.0.14a-3 on Debian sarge (sparc). The filesystem is ext3 with acl support. winbind works fine. Please see below. when I am logged in using ssh, I can list the files in a folder (/var/Share) for which the group staff has r-x permissions. The problem is I can't list the folder through samba: $ ssh [EMAIL PROTECTED] Password: Linux cladms003 2.6.8-2-sparc64 #1 Wed Mar 23 04:23:37 EST 2005 sparc64 GNU/Linux Last login: Thu Jul 28 10:13:46 2005 from 172.18.17.237 [EMAIL PROTECTED]:~$ getfacl /var/Share/ getfacl: Removing leading '/' from absolute path names # file: var/Share # owner: root # group: root user::rwx group::r-x group:staff:r-x mask::r-x other::--- default:user::rwx default:group::r-x default:group:staff:r-x default:mask::r-x default:other::--- [EMAIL PROTECTED]:~$ id uid=1(CYBERLAB+kent) gid=1(CYBERLAB+domain users) groups=50(staff),1 (CYBERLAB+domain users),10001(CYBERLAB+staffs) [EMAIL PROTECTED]:~$ ls -l /var/Share/ total 24 drwxr-x---+ 16 root root 4096 2005-07-25 18:14 Applications drwxr-x---+ 11 root root 4096 2005-07-25 21:30 Data drwxr-x---+ 63 root root 4096 2005-07-26 17:37 Packages In a DOS prompt on a Windows 2000 client: C:\net use f: \\cladms003\Share command completed successfully C:\dir f: access denied I believe this problem only happens when used with winbind (a domain user whose is in a linux group). If I set security to user and access the share as linux user kent who is in the staff group (but not primary group), then it will work. Thanks for any info! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
