This is reported in Debian bug #517760. While initially reported as "force group = +<group>" no longer working, it finally appears that "force group" itself is no longer working as expected. Sample smb.conf: [global] workgroup = MAISON server string = Le portable de Kiki (samba %v) bind interfaces only = Yes log level = 1 max log size = 1000 printcap name = /etc/printcap message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' & invalid users = root printing = bsd print command = lpr -r -P'%p' %s lpq command = lpq -P'%p' lprm command = lprm -P'%p' %j [public] comment = Public path = /var/tmp/samba-test force group = users read only = No create mask = 0770 directory mask = 0700 guest ok = Yes /var/samba/test: root@mykerinos:/etc/samba> ls -la /var/tmp/samba-test/ total 0 drwxrwxrwx 2 bubulle bikinibottom 6 mar 3 21:52 . drwxrwxrwt 8 root root 135 mar 3 05:29 .. Connecting with smbclient: bubulle@mykerinos:~> smbclient //localhost/public Enter bubulle's password: Domain=[MYKERINOS] OS=[Unix] Server=[Samba 3.3.1] smb: \> put foo putting file foo as \foo (0,1 kb/s) (average 0,1 kb/s) Back to /var/samba/test: root@mykerinos:/etc/samba> ls -la /var/tmp/samba-test/ total 4 drwxrwxrwx 2 bubulle bikinibottom 16 mar 3 21:52 . drwxrwxrwt 8 root root 135 mar 3 05:29 .. -rwxrw---- 1 bubulle bubulle 7 mar 3 21:52 foo root@mykerinos:/etc/samba> id bubulle uid=1000(bubulle) gid=1000(bubulle) groupes=1000(bubulle),29(audio),30(dip),44(video),46(plugdev),105(hal),800(geneweb),116(pootle),117(powerdev),1007(bob),126(vboxusers) A level 3 log doesn't show anything really relevant while doing this: [2009/03/03 21:54:47, 3] smbd/service.c:make_connection_snum(1103) mykerinos (::ffff:127.0.0.1) connect to service IPC$ initially as user bubulle (uid=1000, gid=1000) (pid 23751) [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 3] smbd/reply.c:reply_tcon_and_X(789) tconX service=IPC$ [2009/03/03 21:54:47, 3] smbd/process.c:process_smb(1554) Transaction 4 of length 110 (0 toread) [2009/03/03 21:54:47, 3] smbd/process.c:switch_message(1378) switch message SMBtrans2 (pid 23751) conn 0x9094468 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 3] smbd/msdfs.c:get_referred_path(813) get_referred_path: |public| in dfs path \localhost\public is not a dfs root. [2009/03/03 21:54:47, 3] smbd/error.c:error_packet_set(61) error packet at smbd/trans2.c(7286) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND [2009/03/03 21:54:47, 3] smbd/process.c:process_smb(1554) Transaction 5 of length 39 (0 toread) [2009/03/03 21:54:47, 3] smbd/process.c:switch_message(1378) switch message SMBtdis (pid 23751) conn 0x9094468 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 3] smbd/service.c:close_cnum(1315) mykerinos (::ffff:127.0.0.1) closed connection to service IPC$ [2009/03/03 21:54:47, 3] smbd/connection.c:yield_connection(31) Yielding connection to IPC$ [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 3] smbd/process.c:process_smb(1554) Transaction 6 of length 92 (0 toread) [2009/03/03 21:54:47, 3] smbd/process.c:switch_message(1378) switch message SMBtconX (pid 23751) conn 0x0 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 3] lib/util_sid.c:string_to_sid(228) string_to_sid: Sid root does not start with 'S-'. [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/03 21:54:47, 3] smbd/uid.c:push_conn_ctx(383) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/03 21:54:47, 3] smbd/uid.c:push_conn_ctx(383) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/03 21:54:47, 3] smbd/uid.c:push_conn_ctx(383) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/03 21:54:47, 3] smbd/uid.c:push_conn_ctx(383) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/03 21:54:47, 3] smbd/uid.c:push_conn_ctx(383) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/03 21:54:47, 3] smbd/uid.c:push_conn_ctx(383) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 3] smbd/service.c:find_forced_group(614) Forced group users [2009/03/03 21:54:47, 3] smbd/service.c:make_connection_snum(863) Connect path is '/var/tmp/samba-test' for service [public] [2009/03/03 21:54:47, 3] smbd/vfs.c:vfs_init_default(96) Initialising default vfs hooks [2009/03/03 21:54:47, 3] smbd/vfs.c:vfs_init_custom(130) Initialising custom vfs hooks from [/[Default VFS]/] [2009/03/03 21:54:47, 3] lib/util_sid.c:string_to_sid(228) string_to_sid: Sid root does not start with 'S-'. [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/03 21:54:47, 3] smbd/uid.c:push_conn_ctx(383) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/03 21:54:47, 3] smbd/uid.c:push_conn_ctx(383) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/03 21:54:47, 3] smbd/uid.c:push_conn_ctx(383) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/03 21:54:47, 3] smbd/uid.c:push_conn_ctx(383) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/03 21:54:47, 3] smbd/uid.c:push_conn_ctx(383) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2009/03/03 21:54:47, 3] smbd/uid.c:push_conn_ctx(383) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 1] smbd/service.c:make_connection_snum(1103) mykerinos (::ffff:127.0.0.1) connect to service public initially as user bubulle (uid=1000, gid=1000) (pid 23751) [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 3] smbd/reply.c:reply_tcon_and_X(789) tconX service=PUBLIC [2009/03/03 21:54:47, 3] smbd/process.c:process_smb(1554) Transaction 7 of length 57 (0 toread) [2009/03/03 21:54:47, 3] smbd/process.c:switch_message(1378) switch message SMBecho (pid 23751) conn 0x0 [2009/03/03 21:54:47, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/03 21:54:47, 3] smbd/reply.c:reply_echo(4649) echo 1 times [2009/03/03 21:54:49, 3] smbd/process.c:process_smb(1554) Transaction 8 of length 80 (0 toread) [2009/03/03 21:54:49, 3] smbd/process.c:switch_message(1378) switch message SMBopenX (pid 23751) conn 0x9094468 [2009/03/03 21:54:49, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0 [2009/03/03 21:54:49, 3] smbd/dosmode.c:unix_mode(124) unix_mode(foo) returning 0760 [2009/03/03 21:54:49, 2] smbd/open.c:open_file(520) bubulle opened file foo read=Yes write=Yes (numopen=1) [2009/03/03 21:54:49, 3] smbd/process.c:process_smb(1554) Transaction 9 of length 75 (0 toread) [2009/03/03 21:54:49, 3] smbd/process.c:switch_message(1378) switch message SMBwriteX (pid 23751) conn 0x9094468 [2009/03/03 21:54:49, 3] lib/util.c:fcntl_getlock(2085) fcntl_getlock: fd 27 is returned info 2 pid 0 [2009/03/03 21:54:49, 3] smbd/oplock.c:initial_break_processing(299) initial_break_processing: called for 307:6019fd/1 Current oplocks_open (exclusive = 0, levelII = 0) [2009/03/03 21:54:49, 3] smbd/oplock.c:process_oplock_async_level2_break_message(437) process_oplock_async_level2_break_message: downgrading fake level 2 oplock. [2009/03/03 21:54:49, 3] smbd/reply.c:reply_write_and_X(4121) writeX fnum=9246 num=7 wrote=7 [2009/03/03 21:54:49, 3] smbd/process.c:process_smb(1554) Transaction 10 of length 45 (0 toread) [2009/03/03 21:54:49, 3] smbd/process.c:switch_message(1378) switch message SMBclose (pid 23751) conn 0x9094468 [2009/03/03 21:54:49, 3] smbd/reply.c:reply_close(4338) close fd=27 fnum=9246 (numopen=1) [2009/03/03 21:54:49, 3] locking/locking.c:get_share_mode_lock(825) fill_share_mode_lock failed [2009/03/03 21:54:49, 2] smbd/close.c:close_normal_file(594) bubulle closed file foo (numopen=0) NT_STATUS_OK [2009/03/03 21:54:50, 3] smbd/process.c:process_smb(1554) Transaction 11 of length 39 (0 toread) [2009/03/03 21:54:50, 3] smbd/process.c:switch_message(1378) switch message SMBtdis (pid 23751) conn 0x9094468 [2009/03/03 21:54:50, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/03 21:54:50, 3] smbd/sec_ctx.c:set_sec_ctx(324) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/03/03 21:54:50, 1] smbd/service.c:close_cnum(1315) mykerinos (::ffff:127.0.0.1) closed connection to service public
Created attachment 3968 [details] Patch for 3.3.1 This is a nasty one. Warrents a 3.3.2 I think. Very subtle bug to fix. Jeremy.
Jeremy, do you need us to confirm that the fix works (needs recompiling with the patch,e tc...) or do you consider it to be OK without other checks? -- Christian Perrier, for Debian maintainers
I've confirmed that current 3-3-test does work. I don't really like the patch though, I'm working on a different solution. Not sure what 3.3.2 will ship with. If you can wait a day or two, we'll know. Volker
Ok, after working with Volker on this. Yes - please compile and test with this patch. This will be the patch that goes into 3.3.2. Thanks, Jeremy.
Closing out bug report. Please re-open if it's still an issue. Thanks for reporting!