Group permission issues

Ron Short short at sgi.com
Thu Aug 13 18:26:16 MDT 2009 

We have an issue with subgroups in that permission information does not seem to be forwarded to Windows Samba Clients. Basically the primary application runs with some higher privilege level of permission above the normal user rights. They can't get the permission through the subgroups thus the application breaks.

sdathengmds01:~ # cat /etc/*release
SUSE Linux Enterprise Server 10 (x86_64)
VERSION = 10
PATCHLEVEL = 2
LSB_VERSION="core-2.0-noarch:core-3.0-noarch:core-2.0-x86_64:core-3.0-x86_64" 

SGI Foundation Software 1SP3, Build 603r4-0903312302
SGI InfiniteStorage Software Platform, version 1.6, Build sgi160r2-1.6, 
Wed Apr  1 19:00:40 UTC 2009
SGI ProPack 6SP3 for Linux, Build 603r4-0903312302
SGI ProPack 6SP3 for Linux, Build 603r4-0903312302

sdathengmds01:~ # rpm -q -f /usr/sbin/smbd
sgi-samba-3.2.0-24.1sgi160r2
sdathengmds01:~ #

smb.conf file

sdathengmds01:~ # more /etc/samba/smb.conf

# Global parameters
[global]
        workgroup = NMCS
        realm = NMCS.SDMENGINEERING.COM
        netbios name = ENGSMB
        name resolve order = lmhosts host wins bcast
        interfaces = 162.49.57.25/0xffffff00
        bind interfaces only = Yes
        security = ADS
        auth methods = winbind
        password server = dmcontroller2.nmcs.sdmengineering.com, 
dmcontroller3.n
mcs.sdmengineering.com
        #passwd program = /usr/bin/passwd %u
        #passwd chat = *ew*password:* %n\n *e-enter*new*password:* %n\n
        max log size = 500
        max xmit = 65535
        os level = 0
        preferred master = No
        local master = No
        domain master = No
        ldap ssl = no
        idmap uid = 15000-20000
        idmap gid = 15000-20000
        comment = %h (Samba %v)
        hosts allow = 162.49.57.
        hide dot files = No
        locking = No
        share modes = No

[library]
        path = /media/library
        read only = No
        directory mask = 0775
        #force group = +dmfwrite
[cam]
        path = /media2/cam
        read only = No
        directory mask = 0775
        #force group = +dmfwrite


-- 
Ron Short                                       email: short at sgi.com
Solutions Architect                             office: 651/683-5680
SGI Global Professional Services                fax: 651/683-5288

More information about the samba-technical mailing list