Bug 444 - only primary group used in permissions processing
only primary group used in permissions processing
Status: RESOLVED DUPLICATE of bug 336
Product: Samba 3.0
Classification: Unclassified
Component: File Services
3.0.0preX
All Linux
: P1 normal
: 3.0.1
Assigned To: Gerald (Jerry) Carter
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2003-09-12 04:48 UTC by Mike Dawson
Modified: 2005-11-14 09:28 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Mike Dawson 2003-09-12 04:48:47 UTC
I cannot access a directory via samba, even though the user is in a group that
has  rwx access to that directory.  This occurs when the group is not the user's
primary group.  If the directory is chgrp'd to the user's primary group the
problem goes away.

This is using samba 3.0rc3, linux 2.6.0-test5, using a windows XP client.  User
accounts are in active directory and made available to linux via winbind.

In a shared directory:
# mkdir test
# chmod 770 test

# groups mdawson
Domain Admins Domain Users Schema Admins staff business_systems_users IT
Services webadmins
# getent passwd mdawson
mdawson:x:10000:10001::/home/TOTTON/mdawson:/bin/bash
# wbinfo -n "domain users"
S-1-5-21-1123561945-1957994488-839522115-513 2
# wbinfo -Y S-1-5-21-1123561945-1957994488-839522115-513 2
10001
(so domain users is my primary group)

# chgrp "domain admins" test
- access is denied from windows
# chgrp "domain users" test
- access is allowed

Setting the 'force group' parameter on the share makes it so I can use either
the group specified or the primary group, but no other groups.

I can get access to the directory fine from the shell.  I've built samba with
and without acl support and have the same problem.

Let me know if I've missed any important info or if any further tests would be
useful.
Comment 1 Brian King 2003-09-12 06:37:17 UTC
This looks like bug 336. I might have been mistaken when I said the problem was 
resolved. I just realized I had added a "force group" option to each of the 
shares to work-around this issue while waiting for a fix, and forgot to remove 
it when I retested. Since mdawson is still having the issue, I suspect it's 
still there. I'll retest again. (a copy of this note will also be added to bug 
336).
Comment 2 Gerald (Jerry) Carter 2003-09-24 15:14:32 UTC

*** This bug has been marked as a duplicate of 336 ***
Comment 3 Gerald (Jerry) Carter 2005-02-07 09:05:57 UTC
originally reported against one of the 3.0.0rc[1-4] releases.
Cleaning up non-production versions.
Comment 4 Gerald (Jerry) Carter 2005-11-14 09:28:56 UTC
database cleanup