Samba ignores linux groups - SMB

This is a discussion on Samba ignores linux groups - SMB ; Hi! I have this problem regarding Samba ignoring groups permissions. I'll explain the issue using a sample share called testcond. The cond0 directory shared is owned by apache [testcond] path = /home/condivisioni/cond0 public = yes writable = yes printable = ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: Samba ignores linux groups

  1. Samba ignores linux groups

    Hi!
    I have this problem regarding Samba ignoring groups permissions. I'll
    explain the issue using a sample share called testcond. The cond0
    directory shared is owned by apache

    [testcond]
    path = /home/condivisioni/cond0
    public = yes
    writable = yes
    printable = no
    directory mask = 0755

    I have my system set up with ACLs, and when a Windows user tries to get
    into the share, everything goes well according to the applying ACLs,
    i.e.

    [root@spdemo condivisioni]# getfacl cond0
    # file: cond0
    # owner: apache
    # group: apache
    user::rwx
    user:mrossi:rwx
    group::---
    mask::rwx
    other::---

    Here user mrossi can rwx on the share.

    Now, if i add user mrossi to group testgroup, remove mrossi from ACL
    for cond0 and add group testgroup to ACL with rwx permissions, such as:

    [root@spdemo condivisioni]# getfacl cond0
    # file: cond0
    # owner: apache
    # group: apache
    user::rwx
    group::---
    group:testgroup:rwx
    mask::rwx
    other::---

    mrossi can't do anything, either reading or writing the share.
    Everything seems to be ok on the linux side, being user included in the
    group and ACL correctly set. If i "su mrossi" i can go into the
    directory and touch files, so the filesystem knows how to handle my
    secondary group testgroup. On the opposite, samba seems to ignore my
    participation to the group.

    Can somebody give me a hint?

    TIA, larss

    --
    In God we trust. All others must bring data
    Robert Hayden


  2. Re: Samba ignores linux groups

    larss wrote:
    > Hi!
    > I have this problem regarding Samba ignoring groups permissions.


    I hope someone answers this question - as I was just about to post the
    exact same question....


    --

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Chris Barnes AOL IM: CNBarnes
    chris@txbarnes.com Yahoo IM: chrisnbarnes

    You always have freedom of choice, but you never have freedom of
    consequence.



  3. Re: Samba ignores linux groups

    Not sure anyone answers anything here?


  4. Re: Samba ignores linux groups


    mark@uunix.com ha scritto:

    > Not sure anyone answers anything here?


    Ok guys, i found an extremely useful evidence of what's happening.
    We said that samba doesn't care whether or not the user belongs to a
    group. If he's listed in the ACLs he'll pass through, if not he won't.
    This is not completely true: the issue is that samba DOESN'T KNOW that
    the user belongs to the group. Reloading samba correct the situation,
    just because samba RELOADS /etc/groups ad maps correctly users into
    groups.

    Make me know if this hint helps

    larss

    --
    In God we trust. All others must bring data
    Robert Hayden


  5. Re: Samba ignores linux groups

    larss wrote:
    > mark@uunix.com ha scritto:
    >
    >> Not sure anyone answers anything here?

    >
    > Ok guys, i found an extremely useful evidence of what's happening.
    > We said that samba doesn't care whether or not the user belongs to a
    > group. If he's listed in the ACLs he'll pass through, if not he won't.
    > This is not completely true: the issue is that samba DOESN'T KNOW that
    > the user belongs to the group. Reloading samba correct the situation,
    > just because samba RELOADS /etc/groups ad maps correctly users into
    > groups.
    >
    > Make me know if this hint helps


    It didn't fix it in my case (the user has been a member of the group for
    a very long time).

    I should note that what I am doing IS slightly different. On the Linux
    side, I have a soft link from the user's home directory to the shared
    directory.
    ln -s /home/shared/testgroup testshare

    In the smb.conf I have:
    [homes]
    comment = Home Directories
    browseable = no
    writable = yes
    valid users = %S
    force create mode = 0660
    delete readonly = yes
    map archive = no
    case sensitive = yes
    follow symlinks = yes

    [testshared]
    comment = Test Shared
    browsable = no
    path = /home/shared/testgroup
    valid users = @test
    writable = yes
    force create mode = 0660
    force directory mode = 0771
    force group = test


    IF the user maps to the "testshared" share, it works perfectly (ie. uses
    the group membership to give access). However, if they try to browse to
    the testgroup "directory", it does not grant them access.

    It shouldn't matter, but I have even changed the symlink 'file' to have
    the user be the owner. Still no dice.

    --

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Chris Barnes AOL IM: CNBarnes
    chris@txbarnes.com Yahoo IM: chrisnbarnes

    You always have freedom of choice, but you never have freedom of
    consequence.



+ Reply to Thread