The Samba-Bugzilla – Bug 6132
force user no longer works under some conditions
Last modified: 2009-02-20 16:19:01 UTC
After I recently upgraded to Slackware 12.2, I also upgraded the default distro package from samba-3.2.5 to samba-3.2.7 (security update by distro owner).
Immediately I found out that some configurations no longer worked.
Relevant sections from smb.conf :
security = share
include = /etc/samba/smb.conf.%m
smb ports = 139
unix extensions = no
lanman auth = yes # some clients are win9x (required)
path = /path/to/some-share
valid users = user1
writeable = yes
force user = user2
force group = grp2
create mode = 640
directory mode = 750
UNIX user user1 exists, is part of grp1 (only) and has samba password set and working.
UNIX user user2 exists, is part of grp2 (only).
- user1 is authenticated succesfully and given access to shares that do not use "force user" directive.
/path/to/some-share user2 grp2 drwxr-x---
- user2 can acces /path/to/some-share without problem if logged in from console shell.
- user1 can acces this share via user2 forced user without problem in samba-3.2.5
With samba-3.2.6, samba-3.2.7, samba-3.2.8, samba-3.3.0 this configuration does not work (user1 is denied access) with the following errors recorded in the logs at debug level 5 :
[2009/02/20 15:45:42, 2] smbd/uid.c:change_to_user(242)
change_to_user: unix user user2 not permitted access to share some-share.
[2009/02/20 15:45:42, 0] smbd/service.c:make_connection_snum(1078)
Can't become connected user!
[2009/02/20 15:45:42, 3] smbd/connection.c:yield_connection(31)
Yielding connection to some-share
[2009/02/20 15:45:42, 3] smbd/error.c:error_packet_set(80)
error packet at smbd/reply.c(696) cmd=117 (SMBtconX) eclass=1 ecode=5
*** This bug has been marked as a duplicate of 6131 ***