Bug 6132 - force user no longer works under some conditions
Summary: force user no longer works under some conditions
Status: RESOLVED DUPLICATE of bug 6131
Alias: None
Product: Samba 3.3
Classification: Unclassified
Component: Config Files (show other bugs)
Version: 3.3.0
Hardware: x86 Linux
: P3 normal
Target Milestone: ---
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-02-20 08:37 UTC by Andrei B
Modified: 2009-02-20 16:19 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andrei B 2009-02-20 08:37:43 UTC
After I recently upgraded to Slackware 12.2, I also upgraded the default distro package from samba-3.2.5 to samba-3.2.7 (security update by distro owner). 
Immediately I found out that some configurations no longer worked. 

Relevant sections from smb.conf : 
smb.conf
=======================================================
[global]
    security = share
include = /etc/samba/smb.conf.%m
smb ports = 139
unix extensions = no
lanman auth = yes # some clients are win9x (required)

smb.conf.station-1
=======================================================
[some-share]
    path = /path/to/some-share
    valid users = user1
    writeable = yes
    force user = user2
    force group = grp2
    create mode = 640
    directory mode = 750

UNIX user user1 exists, is part of grp1 (only) and has samba password set and working. 
UNIX user user2 exists, is part of grp2 (only). 

- user1 is authenticated succesfully and given access to shares that do not use "force user" directive. 

/path/to/some-share user2 grp2 drwxr-x---

- user2 can acces /path/to/some-share without problem if logged in from console shell.
- user1 can acces this share via user2 forced user without problem in samba-3.2.5

With samba-3.2.6, samba-3.2.7, samba-3.2.8, samba-3.3.0 this configuration does not work (user1 is denied access) with the following errors recorded in the logs at debug level 5 : 

[2009/02/20 15:45:42,  2] smbd/uid.c:change_to_user(242)
  change_to_user: unix user user2 not permitted access to share some-share.
[2009/02/20 15:45:42,  0] smbd/service.c:make_connection_snum(1078)
  Can't become connected user!
[2009/02/20 15:45:42,  3] smbd/connection.c:yield_connection(31)
  Yielding connection to some-share
[2009/02/20 15:45:42,  3] smbd/error.c:error_packet_set(80)
  error packet at smbd/reply.c(696) cmd=117 (SMBtconX) eclass=1 ecode=5
Comment 1 Björn Jacke 2009-02-20 16:19:01 UTC

*** This bug has been marked as a duplicate of 6131 ***