3741 – Unix groups do no longer work with valid users

Bug 3741 - Unix groups do no longer work with valid users

Summary: Unix groups do no longer work with valid users

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 3.0
Classification:	Unclassified
Component:	File Services (show other bugs)
Version:	3.0.23
Hardware:	x86 Linux

Importance:	P3 major
Target Milestone:	none
Assignee:	Samba Bugzilla Account
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2006-04-28 17:51 UTC by Marcel Müller
Modified:	2006-04-30 09:36 UTC (History)
CC List:	0 users

See Also:

Attachments
config file for the test (1.52 KB, text/plain) 2006-04-29 11:36 UTC, Marcel Müller	no flags	Details
Level 10 log (33.20 KB, text/plain) 2006-04-29 13:44 UTC, Marcel Müller	no flags	Details
Patch checked in with r15360 (1.35 KB, patch) 2006-04-30 09:35 UTC, Volker Lendecke	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcel Müller 2006-04-28 17:51:41 UTC

With smbd 3.0.23 the access to shares protected by a valid users constraint is denied if the permission is grant to a unix group.

E.g. if I have a share with "valid users = @users" (or something similar) nobody can access this share. If I enter the user names directly, everything is fine.

The problem seems to have something to do with gid mapping.
I fixed it by this dirty patch:

Index: passdb/lookup_sid.c
===================================================================
--- passdb/lookup_sid.c (revision 15311)
+++ passdb/lookup_sid.c (working copy)
@@ -1070,11 +1070,12 @@
                goto done;
        }

+       /* GID-BUG???
        if (pdb_rid_algorithm() && (gid < max_algorithmic_gid())) {
                sid_copy(psid, get_global_sam_sid());
                sid_append_rid(psid, pdb_gid_to_group_rid(gid));
                goto done;
-       } else {
+       } else */ {
                sid_copy(psid, &global_sid_Unix_Groups);
                sid_append_rid(psid, gid);
                goto done;

However, it is unlikely that I hit the nail on the head.

Environment:
I use the LANMAN2 protocol (OS/2 clients) and a Linux server. But as far as I remember I had the same problem using the NTLM protocol.

Marcel

Comment 1 Volker Lendecke 2006-04-29 07:16:37 UTC

Could you please append a debug level 10 smbd log and your smb.conf file?

I thought I had made a provision to solve exactly this issue.

Thanks,

Volker

Comment 2 Marcel Müller 2006-04-29 11:36:38 UTC

Created attachment 1882 [details]
config file for the test

Comment 3 Marcel Müller 2006-04-29 13:44:13 UTC

Created attachment 1883 [details]
Level 10 log

Comment 4 Volker Lendecke 2006-04-30 09:35:31 UTC

Created attachment 1884 [details]
Patch checked in with r15360

Comment 5 Volker Lendecke 2006-04-30 09:36:22 UTC

The patch I just attached fixes the problem for me. Please re-open and send in new debug level 10 logs if it still fails for you.

Thanks for testing!

Volker