I make a build from source of 4.10.2 samba on a centos7 server;
I create a group named group1, and add a user named user1 to the group1;
i create a shared directory named common;
chmod 750 -R common;
setfacl -m g:group1:rw -R common
start the smbd server;
on an windows, when i access the sharee, i can access the common content;
then, i run ;
gpasswd -d user1 common;
now , on windows , i can still browse the content. why?
i use smbclient and smcacls tools to check , they looks ok..
but on windows client, i can still browse it... very strange ,
any solutions is appreciated. thank you
it seems like that , if a connection established; any changes such as , a user leaving the shared file owner group; the client will not sense this change and can still access the file or directory; but the new connection will sense this and they will not access those file or directory;
Yep, that's how it works. The security token for a connection is established at connection time, and isn't changed even if the groups/uids change whilst it's active.
Windows and Linux both work this way (as does Samba).