IPC User Problem (was Situational Deadlock)

Andrew Bartlett abartlet at samba.org
Wed Jan 28 20:59:20 GMT 2004

On Thu, 2004-01-29 at 07:51, Esh, Andrew wrote:
> The "admin user" setting is not set in smb.conf. The "force group" setting is set globally to allow all users of all shares to belong to the same group. This allows some crossover functionality with NFS we needed to have. I suppose we could put "force group" in every share, but it would be a PITA.
> Why can't we allow "force group" in the case of IPC? (Other shares, 
> sure, but IPC? IPC should be open to anyone, or nothing works.) 
> Remember, this will affect anyone who calls WNetAddConnection2 to 
> connect to a share from NT. Our use of that call could be idiosyncratic, 
> but I doubt it.

The IPC$ share is special only in that it is the only share on a non
termainal-server setup that is used by multiple users as a matter of

The problem is this:  People who setup 'force group' and 'force user'
often set even more bizarre things in their smb.conf to get there.  They
also *think* that Samba only has one user at a time, or that each user
will open the shares independently.

This means that people setup configs like this:

 include =/etc/smb.conf.%U

and put force user in that include file etc.  Naturally, this breaks
really badly when the second user comes along.

I would suggest that most of the cases were people use 'force user' or
'force group' (in particular) can be solved by appropriate Unix file
permissions.  If this were a unix user, you would be using tricks like 

chmod g+s dir/

So why should Samba be any different?

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040129/307fb9b5/attachment.bin

More information about the samba-technical mailing list