smb.conf option "force unknown acl user"
more
more0401 at gmail.com
Mon Sep 10 02:45:06 GMT 2007
Jerry,
Thanks for your reply.
> This is by design. There is an owner SID and a group SID.
> Suppose both of these are groups? What should smbd do then?
> It's just a fundamental difference between Windows and Unix.
I find that if Windows sets the owner (either user or group), Windows
always passes only the owner setting OWNER_SECURITY_INFORMATION to samba
(and Windows does not pass the group setting
GROUP_SECURITY_INFORMATION). This is based on my test with Win2003 SP1.
In this case, I think if samba detects that the owner is a group, samba can
set the group instead. I think it can be a workaround fix for Windows. Is
that right?
Here I attach the related samba code (smbd/posix.c) for reference:
    if (security_info_sent & OWNER_SECURITY_INFORMATION) {
        sid_copy(&owner_sid, psd->owner_sid);
        DEBUG(0,("MORE unpack_nt_owners: owner: %s\n",
                 sid_string_static(&owner_sid)));
        if (!NT_STATUS_IS_OK(sid_to_uid(&owner_sid, puser))) {
            if (lp_force_unknown_acl_user(snum)) {
                /* this allows take ownership to work
                 * reasonably */
                *puser = current_user.uid;
            } else {
                DEBUG(3,("unpack_nt_owners: unable to validate"
                         " owner sid for %s\n",
                         sid_string_static(&owner_sid)));
                return False;
            }
        }
    }

    /*
     * Don't immediately fail if the group sid cannot be validated.
     * This may be an owner chown only set.
     */
    if (security_info_sent & GROUP_SECURITY_INFORMATION) {
        sid_copy(&grp_sid, psd->grp_sid);
        DEBUG(0,("MORE unpack_nt_owners: group: %s\n",
                 sid_string_static(&grp_sid)));
        if (!NT_STATUS_IS_OK(sid_to_gid(&grp_sid, pgrp))) {
            if (lp_force_unknown_acl_user(snum)) {
                /* this allows take group ownership to work
                 * reasonably */
                *pgrp = current_user.gid;
            } else {
                DEBUG(3,("unpack_nt_owners: unable to validate"
                         " group sid.\n"));
                return False;
            }
        }
    }
Regards,
More
-----Original Message-----
From: Gerald (Jerry) Carter [mailto:jerry at samba.org]
Sent: Friday, September 07, 2007 8:24 PM
To: more
Cc: samba-technical at samba.org; samba at lists.samba.org
Subject: Re: smb.conf option "force unknown acl user"
more wrote:
> Hi all,
>
> I noticed that, if the windows user sets a domain group SID as the
> file owner SID, samba will report an error if "force unknown acl
> user=no". From the source (samba 3.0.25c), this is due to samba failing
> to map the domain group SID to a valid UID.
>
> I think the current solution is to use "force unknown acl
> user=yes". But I think it is not the best solution for this case. Why
> not let samba set the owner group instead of reporting an error if it
> detects the owner user is a domain group?
This is by design. There is an owner SID and a group SID.
Suppose both of these are groups? What should smbd do then?
It's just a fundamental difference between Windows and Unix.
cheers, jerry
=====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
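A self-contained C model of the owner/group decision in the excerpt quoted in this thread, added here as an illustration; it is not Samba source and not code from either poster. The ID-map table, the SIDs, the uid/gid numbers and the names map_sid and model_unpack_owners are constructed. It shows that with "force unknown acl user = yes" a group SID sent as owner results in the connecting user becoming the owner, while the file's group is left untouched.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#define OWNER_SECURITY_INFORMATION 0x1u
#define GROUP_SECURITY_INFORMATION 0x2u
#define ID_UNSET ((unsigned)-1)

/* Constructed ID map standing in for sid_to_uid()/sid_to_gid(). */
struct idmap_entry { const char *sid; bool is_group; unsigned id; };
static const struct idmap_entry idmap[] = {
    { "S-1-5-21-1-2-3-1001", false, 1001 },  /* a domain user  */
    { "S-1-5-21-1-2-3-2001", true,  2001 },  /* a domain group */
};

static bool map_sid(const char *sid, bool want_group, unsigned *id)
{
    for (size_t i = 0; i < sizeof(idmap) / sizeof(idmap[0]); i++) {
        if (idmap[i].is_group == want_group && strcmp(idmap[i].sid, sid) == 0) {
            *id = idmap[i].id;
            return true;
        }
    }
    return false;  /* a group SID has no uid mapping, and vice versa */
}

/* Same branch structure as the excerpt; false means the set is rejected. */
static bool model_unpack_owners(unsigned sent, const char *owner_sid,
                                const char *grp_sid, bool force_unknown,
                                unsigned cur_uid, unsigned cur_gid,
                                unsigned *puser, unsigned *pgrp)
{
    *puser = *pgrp = ID_UNSET;
    if ((sent & OWNER_SECURITY_INFORMATION) && !map_sid(owner_sid, false, puser)) {
        if (!force_unknown) return false;
        *puser = cur_uid;  /* fallback: the connecting user becomes owner */
    }
    if ((sent & GROUP_SECURITY_INFORMATION) && !map_sid(grp_sid, true, pgrp)) {
        if (!force_unknown) return false;
        *pgrp = cur_gid;   /* fallback: the connecting user's group */
    }
    return true;
}

int main(void)
{
    unsigned u, g;  /* owner-only set carrying a group SID, option enabled */
    bool ok = model_unpack_owners(OWNER_SECURITY_INFORMATION,
                                  "S-1-5-21-1-2-3-2001", NULL, true, 500, 100, &u, &g);
    printf("ok=%d uid=%u group_changed=%d\n", ok, u, g != ID_UNSET);
    return 0;
}
```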