[Samba] Unable to give users access to folders within Samba share
Adam Nielsen
adam.nielsen at uq.edu.au
Thu Dec 8 00:23:49 GMT 2005
Hi,
I'm trying to give my users access to a folder contained within a Samba
share, e.g.
$ ls share
drwxrwsr-x 14 fsuser DOMAIN\OldGroup 432 2005-12-07 15:35 .
drwxr-xr-x 6 root root 128 2005-11-17 12:33 ..
drwxrwsr-x 3 fsuser DOMAIN\OldGroup 136 2005-11-22 16:56 Archive
drwxrwsr-x 2 fsuser DOMAIN\NewGroup 48 2005-12-07 15:35 test
Note that the groups have write access to these folders, so I expect
anyone in DOMAIN\OldGroup to have write access to 'Archive' and anyone
in DOMAIN\NewGroup to have write access to 'test'.
This is partially working, in that I added users to OldGroup, then set
up winbind, and now all the users originally added to OldGroup have
write access to 'Archive' but nobody else.
Since then I have created a new group called NewGroup and added some
users to it (myself included), however nobody can write to the folder
owned by NewGroup, even though everyone is a member in exactly the same
way as they were with OldGroup. Even stranger, users that I've added
to OldGroup since setting up winbind don't have access to the OldGroup
folder.
I thought this was perhaps an issue with winbind not updating the group
membership, except that this appears to be happening:
$ getent group DOMAIN\\OldGroup
DOMAIN\OldGroup:x:10097:DOMAIN\OldUser1,DOMAIN\NewUser1
$ getent group DOMAIN\\NewGroup
DOMAIN\NewGroup:x:10097:DOMAIN\OldUser1,DOMAIN\NewUser1
Yet if DOMAIN\OldUser1 connects, that user has write access to
'Archive' (which was set up before winbind) but not 'test' (which was
set up after winbind had been running for a while.) NewUser1 doesn't
have write access to anything, as that user was added to both groups a
few weeks after winbind had been running (and the user has been in the
groups for about a week now, which should be ample time for any caches
to expire.)
Has anyone experienced this before? I didn't think Samba cached these
values long-term, but it certainly doesn't look like winbind does.
Thanks,
Adam.
More information about the samba
mailing list