Bug 444 - only primary group used in permissions processing
Summary: only primary group used in permissions processing
Status: RESOLVED DUPLICATE of bug 336
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services (show other bugs)
Version: 3.0.0preX
Hardware: All Linux
: P1 normal
Target Milestone: 3.0.1
Assignee: Gerald (Jerry) Carter (dead mail address)
QA Contact:
Depends on:
Reported: 2003-09-12 04:48 UTC by Mike Dawson
Modified: 2005-11-14 09:28 UTC (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Mike Dawson 2003-09-12 04:48:47 UTC
I cannot access a directory via samba, even though the user is in a group that
has  rwx access to that directory.  This occurs when the group is not the user's
primary group.  If the directory is chgrp'd to the user's primary group the
problem goes away.

This is using samba 3.0rc3, linux 2.6.0-test5, using a windows XP client.  User
accounts are in active directory and made available to linux via winbind.

In a shared directory:
# mkdir test
# chmod 770 test

# groups mdawson
Domain Admins Domain Users Schema Admins staff business_systems_users IT
Services webadmins
# getent passwd mdawson
# wbinfo -n "domain users"
S-1-5-21-1123561945-1957994488-839522115-513 2
# wbinfo -Y S-1-5-21-1123561945-1957994488-839522115-513 2
(so domain users is my primary group)

# chgrp "domain admins" test
- access is denied from windows
# chgrp "domain users" test
- access is allowed

Setting the 'force group' parameter on the share makes it so I can use either
the group specified or the primary group, but no other groups.

I can get access to the directory fine from the shell.  I've built samba with
and without acl support and have the same problem.

Let me know if I've missed any important info or if any further tests would be
Comment 1 Brian King 2003-09-12 06:37:17 UTC
This looks like bug 336. I might have been mistaken when I said the problem was 
resolved. I just realized I had added a "force group" option to each of the 
shares to work-around this issue while waiting for a fix, and forgot to remove 
it when I retested. Since mdawson is still having the issue, I suspect it's 
still there. I'll retest again. (a copy of this note will also be added to bug 
Comment 2 Gerald (Jerry) Carter (dead mail address) 2003-09-24 15:14:32 UTC

*** This bug has been marked as a duplicate of 336 ***
Comment 3 Gerald (Jerry) Carter (dead mail address) 2005-02-07 09:05:57 UTC
originally reported against one of the 3.0.0rc[1-4] releases.
Cleaning up non-production versions.
Comment 4 Gerald (Jerry) Carter (dead mail address) 2005-11-14 09:28:56 UTC
database cleanup