The Samba-Bugzilla – Bug 444
only primary group used in permissions processing
Last modified: 2005-11-14 09:28:56 UTC
I cannot access a directory via samba, even though the user is in a group that
has rwx access to that directory. This occurs when the group is not the user's
primary group. If the directory is chgrp'd to the user's primary group the
problem goes away.
This is using samba 3.0rc3, linux 2.6.0-test5, using a windows XP client. User
accounts are in active directory and made available to linux via winbind.
In a shared directory:
# mkdir test
# chmod 770 test
# groups mdawson
Domain Admins Domain Users Schema Admins staff business_systems_users IT
# getent passwd mdawson
# wbinfo -n "domain users"
# wbinfo -Y S-1-5-21-1123561945-1957994488-839522115-513 2
(so domain users is my primary group)
# chgrp "domain admins" test
- access is denied from windows
# chgrp "domain users" test
- access is allowed
Setting the 'force group' parameter on the share makes it so I can use either
the group specified or the primary group, but no other groups.
I can get access to the directory fine from the shell. I've built samba with
and without acl support and have the same problem.
Let me know if I've missed any important info or if any further tests would be
This looks like bug 336. I might have been mistaken when I said the problem was
resolved. I just realized I had added a "force group" option to each of the
shares to work-around this issue while waiting for a fix, and forgot to remove
it when I retested. Since mdawson is still having the issue, I suspect it's
still there. I'll retest again. (a copy of this note will also be added to bug
*** This bug has been marked as a duplicate of 336 ***
originally reported against one of the 3.0.0rc[1-4] releases.
Cleaning up non-production versions.