"force group" with no effect on BSD

Jiri Lazansky lazan at labe.felk.cvut.cz
Tue Apr 17 12:48:44 GMT 2001


Hello Don and Jerry,

thanks for all your comments where everything is clear EXCEPT some details
concerning the creation of files and directories on BSD UNIXes. All your remarks
are correct for Linux but not for BSD!

Imagine, I have connected a share having in its parameter section something like

    force group = %G

If I connect as myself (uid=1000, gid=20) I really get effective uid=1000 and
effective gid=20, which can be seen in the log file. The problem is somewhere
else. Let me cite from the man page mkdir(2) of FreeBSD
(http://www.freebsd.org/cgi/man.cgi?query=mkdir&apropos=0&sektion=2&manpath=FreeBSD+4.2-RELEASE&format=html)

     The directory's owner ID is set to the process's effective user ID.  The
     directory's group ID is set to that of the parent directory in which it is
created.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^
This contradicts what Don says in his posting:
> That way, any time a file is created, it is created with the
> current uid and gid of the user creating the file.
> Since the current gid of the user is the force group gid, it SHOULD be being
> created with this gid.

In other words when creating directories (and files as well) on BSD systems, the
system behaves as if the directory group id bit were on the directory in Linux.
Citing from Linux mkdir(2) man page

       The newly created directory will be owned by the effective
       uid of the process.  If the directory containing the  file
       has  the  set  group  id  bit set, or if the filesystem is
       mounted with BSD group semantics, the new  directory  will
       inherit the group ownership from its parent; otherwise it
       will be owned by the effective gid of the process.

So I still suspect a bug!

Cheers.

Jiri Lazansky
Czech Technical University Prague
Faculty of Electrical Engineering
Department of Cybernetics
< lazan at labe.felk.cvut.cz >


----- Original Message -----
From: "MCCALL,DON (HP-USA,ex1)" <don_mccall at hp.com>
To: "'Jiri Lazansky'" <lazan at labe.felk.cvut.cz>; "Gerald Carter"
<gcarter at valinux.com>
Cc: <samba-technical at lists.samba.org>
Sent: 13 April 2001 17:21
Subject: RE: "force group" with no effect on BSD


> Hi Jiri,
> Not a bug - Samba doesn't have to call a chown or chgrp or anything like
> that when you have force group parameter set;
> basically what happens is that when the tconX to the share is made, samba
> recognizes the force group parameter,
> checks the group ownership of the unix uid being used to attach to the
> share, and if he is a member of the group
> specified in "force group", then samba attaches (does a become_user) to the
> share with gid= the gid of the force group
> parameter.  That way, any time a file is created, it is created with the
> current uid and gid of the user creating the file.
> Since the current gid of the user is the force group gid, it SHOULD be being
> created with this gid.
>
>
> So take a look at what's happening with YOU, and see if it makes sense.
> Hope this helps,
> Don
>
>
> -----Original Message-----
> From: Jiri Lazansky [mailto:lazan at labe.felk.cvut.cz]
> Sent: Friday, April 13, 2001 4:10 AM
> To: Gerald Carter
> Cc: samba-technical at lists.samba.org
> Subject: Re: "force group" with no effect on BSD
>
>
> Hello Jerry,
>
> thanks for your prompt reaction to my yesterday posting.
>
> > > [PC-tmp]
> > >         path = /usr/pc.tmp
> > >         force user = %U
> >           ^^^^^^^^^^^^^^^
> > This line is a little silly :-)
> YES, this line IS silly, I was experimenting a lot with the configuration
> and this is a relic.
> >
> > >         force group = nobody
> > Have you tried a group other than 'nobody'?  or does the BSD filesystem
> > enforce some type of sticky bit like behavior?
> I have experimented with many UNIX groups at this place with no difference.
> I have tried groups where the logging-in user is primary member, secondary
> member or no member, but nothing helps. I have even tried the +group
> version.
>
> The motivation of my effort is as follows:
> I have Win users working on different projects. They are assigned to UNIX
> primary groups according to these projects. I want to allow the use of the
> 'PC-tmp' share for file exchange so that users of different groups don't
> garble other's work. Actually, I want:
>     create mask = 0660
>     directory mask = 0770
>
> Up to now, we are using an old SUN Sparc running SunOS 4.1.4 (based on BSD
> 4.3) as our server providing smb service by Samba 1.9.18p8 where everything
> worked as desired.
> FreeBSD-4.2 that I am experimenting now is a BSD 4.4 based system. On this
> system creating new files (and directories) is done by open(2) with options
> containing O_CREAT flag. These new objects are owned by the current user and
> the group ownership is that of the containing directory. To change this
> default chown(2) must be called.
>
> Samba documentation states (smb.conf(5) - force group): ... This allows an
> administrator to decide that only users who are already in a particular
> group will create files with group ownership set to that group. ...
>
> Having checked the log files on a higher debug level, I found that Samba
> doesn't even try to call chown()... SO I SUSPECT A BUG!
>
> Best regards
>
> Jiri Lazansky
> Czech Technical University Prague
> Faculty of Electrical Engineering
> Department of Cybernetics
> < lazan at labe.felk.cvut.cz >
>
>
> ----- Original Message -----
> From: "Gerald Carter" <gcarter at valinux.com>
> To: "Jiri Lazansky" <lazan at labe.felk.cvut.cz>
> Cc: <samba-technical at lists.samba.org>
> Sent: 12 April 2001 19:06
> Subject: Re: "force group" with no effect on BSD
>
>
> > On Thu, 12 Apr 2001, Jiri Lazansky wrote:
> >
> > > [PC-tmp]
> > >         path = /usr/pc.tmp
> > >         force user = %U
> >           ^^^^^^^^^^^^^^^
> > This line is a little silly :-)
> >
> > >         force group = nobody
> > >         writeable = Yes
> > >         create mask = 0664
> > >         force directory mode = 775
> > >         dos filetimes = Yes
> > >
> > > UNIX 'ls -la' command in /usr/pc.tmp says:
> > >
> > > drwxrwxrwx   4 root   wheel   512 Apr 12 18:21 ./
> > > drwxr-xr-x  19 root   wheel   512 Feb 22 18:07 ../
> > >
> > > My clients can access this share without any problems, the log file
> > > seems good, showing "effective(1000, 65534)" for the connected user -
> > > gid 65534=nobody. However, any object created on this share has proper
> > > user ownership but the group owner is always "wheel"
> >
> > Have you tried a group other than 'nobody'?  or does the BSD filesystem
> > enforce some type of sticky bit like behavior?
> >
> >
> > Cheers, jerry
> > ----------------------------------------------------------------------
> >    /\  Gerald (Jerry) Carter                     Professional Services
> >  \/    http://www.valinux.com/  VA Linux Systems   gcarter at valinux.com
> >        http://www.samba.org/       SAMBA Team          jerry at samba.org
> >        http://www.plainjoe.org/                     jerry at plainjoe.org
> >
> >        "...a hundred billion castaways looking for a home."
> >                                 - Sting "Message in a Bottle" ( 1979 )
> >
> >
>
>




