Bug 13894 - Window Client cant' sense that a user leaving the linux group.
Window Client cant' sense that a user leaving the linux group.
Status: RESOLVED INVALID
Product: Samba 4.1 and newer
Classification: Unclassified
Component: DCE-RPCs and pipes
4.10.2
x64 Linux
: P5 major
: ---
Assigned To: Andrew Bartlett
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-04-11 14:22 UTC by ybyang2
Modified: 2019-04-12 03:52 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description ybyang2 2019-04-11 14:22:13 UTC
I make a build from source of 4.10.2 samba on a centos7 server;

I create a group named group1, and add a user named user1 to the group1;

i create a shared directory named common;

then run
 chmod 750 -R common;

setfacl -m g:group1:rw -R common

then; 
  start the smbd server;

on an windows, when i access the sharee, i can access the common content;

then, i run ; 

  gpasswd -d user1 common;

now , on windows , i can still browse the content. why?

i use smbclient and smcacls tools to check , they looks ok..

but on windows client, i can still browse it... very strange , 

any solutions is appreciated. thank you
Comment 1 ybyang2 2019-04-12 01:21:35 UTC
it seems like that , if a connection established; any changes such as , a user leaving the shared file owner group; the client will not sense this change and can still access the file or directory; but the new connection will sense this and they will not access those file or directory;
Comment 2 Jeremy Allison 2019-04-12 03:52:49 UTC
Yep, that's how it works. The security token for a connection is established at connection time, and isn't changed even if the groups/uids change whilst it's active.

Windows and Linux both work this way (as does Samba).