Bug 13894 - Window Client cant' sense that a user leaving the linux group.
Summary: Window Client cant' sense that a user leaving the linux group.
Status: RESOLVED INVALID
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: DCE-RPCs and pipes (show other bugs)
Version: 4.10.2
Hardware: x64 Linux
: P5 major (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-04-11 14:22 UTC by ybyang2
Modified: 2019-04-12 03:52 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description ybyang2 2019-04-11 14:22:13 UTC 
I make a build from source of 4.10.2 samba on a centos7 server;

I create a group named group1, and add a user named user1 to the group1;

i create a shared directory named common;

then run
 chmod 750 -R common;

setfacl -m g:group1:rw -R common

then; 
  start the smbd server;

on an windows, when i access the sharee, i can access the common content;

then, i run ; 

  gpasswd -d user1 common;

now , on windows , i can still browse the content. why?

i use smbclient and smcacls tools to check , they looks ok..

but on windows client, i can still browse it... very strange , 

any solutions is appreciated. thank you
Comment 1 ybyang2 2019-04-12 01:21:35 UTC 
it seems like that , if a connection established; any changes such as , a user leaving the shared file owner group; the client will not sense this change and can still access the file or directory; but the new connection will sense this and they will not access those file or directory;
Comment 2 Jeremy Allison 2019-04-12 03:52:49 UTC 
Yep, that's how it works. The security token for a connection is established at connection time, and isn't changed even if the groups/uids change whilst it's active.

Windows and Linux both work this way (as does Samba).