Bug 1282 - Number of groups samba reports & accessing directories
Summary: Number of groups samba reports & accessing directories
Status: CLOSED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts (show other bugs)
Version: 3.0.2a
Hardware: All Solaris
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact:
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-04-22 06:20 UTC by Michael Auleta
Modified: 2005-11-14 09:27 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Auleta 2004-04-22 06:20:04 UTC
If a user is in a total of 16 groups, Samba 3.0.2a does not report it
correctly.  This prevents opening directories if the permissions on the
directory are 770 even if the user is a member of the group owning the
directory.  If the user is removed from one of the groups, (not the one owning
the directory), they can then open the directory and all is right with the
world.  A piece of output from a -d 10 shows that samba is reporting the primary
group twice hance it's reporting 17 groups to the OS instead of 16:

[2004/04/22 07:44:15, 5] auth/auth_util.c:debug_unix_user_token(505)
  UNIX token of user 15982
  Primary group is 3018 and contains 17 supplementary groups
  Group[  0]: 3018
  Group[  1]: 3018
  Group[  2]: 4092
  Group[  3]: 1501
  Group[  4]: 6036
  Group[  5]: 1606
  Group[  6]: 1603
  Group[  7]: 1665
  Group[  8]: 1605
  Group[  9]: 5001
  Group[ 10]: 1600
  Group[ 11]: 7044
  Group[ 12]: 1602
  Group[ 13]: 1604
  Group[ 14]: 2001
  Group[ 15]: 7001
  Group[ 16]: 5300

If I remove the user from one group, the reporting only shows 16 groups instead
of 17.  Samba still reports the primary group twice however:

[2004/04/22 08:57:21, 5] auth/auth_util.c:debug_unix_user_token(505)
  UNIX token of user 15982
  Primary group is 3018 and contains 16 supplementary groups
  Group[  0]: 3018
  Group[  1]: 3018
  Group[  2]: 4092
  Group[  3]: 1501
  Group[  4]: 6036
  Group[  5]: 1606
  Group[  6]: 1603
  Group[  7]: 1665
  Group[  8]: 1605
  Group[  9]: 1600
  Group[ 10]: 7044
  Group[ 11]: 1602
  Group[ 12]: 1604
  Group[ 13]: 2001
  Group[ 14]: 7001
  Group[ 15]: 5300

The user can now get into those directories he couldn't before.
Comment 1 Gerald (Jerry) Carter (dead mail address) 2004-04-22 18:05:43 UTC
already fixed in 3.0.3rc1
Comment 2 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:17:37 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.
Comment 3 Gerald (Jerry) Carter (dead mail address) 2005-11-14 09:27:44 UTC
database cleanup