Group permission issues
David Collier-Brown
davec-b at rogers.com
Fri Aug 14 08:52:20 MDT 2009
Ron Short wrote:
> We have an issue with subgroups in that permission information does
> not seem to be forwarded to Windows Samba Clients. Basically the
> primary application runs with some higher privilege level of
> permission above the normal user rights. They can't get the permission
> through the subgroups thus the application breaks.
>
> sdathengmds01:~ # cat /etc/*release
> SUSE Linux Enterprise Server 10 (x86_64)
> VERSION = 10
> PATCHLEVEL = 2
> LSB_VERSION="core-2.0-noarch:core-3.0-noarch:core-2.0-x86_64:core-3.0-x86_64"
>
> SGI Foundation Software 1SP3, Build 603r4-0903312302
> SGI InfiniteStorage Software Platform, version 1.6, Build
> sgi160r2-1.6, Wed Apr 1 19:00:40 UTC 2009
> SGI ProPack 6SP3 for Linux, Build 603r4-0903312302
> SGI ProPack 6SP3 for Linux, Build 603r4-0903312302
>
> sdathengmds01:~ # rpm -q -f /usr/sbin/smbd
> sgi-samba-3.2.0-24.1sgi160r2
> sdathengmds01:~ #
>
> smb.conf file
>
> sdathengmds01:~ # more /etc/samba/smb.conf
>
> # Global parameters
> [global]
> workgroup = NMCS
> realm = NMCS.SDMENGINEERING.COM
> netbios name = ENGSMB
> name resolve order = lmhosts host wins bcast
> interfaces = 162.49.57.25/0xffffff00
> bind interfaces only = Yes
> security = ADS
> auth methods = winbind
> password server = dmcontroller2.nmcs.sdmengineering.com,
> dmcontroller3.n
> mcs.sdmengineering.com
> #passwd program = /usr/bin/passwd %u
> #passwd chat = *ew*password:* %n\n *e-enter*new*password:* %n\n
> max log size = 500
> max xmit = 65535
> os level = 0
> preferred master = No
> local master = No
> domain master = No
> ldap ssl = no
> idmap uid = 15000-20000
> idmap gid = 15000-20000
> comment = %h (Samba %v)
> hosts allow = 162.49.57.
> hide dot files = No
> locking = No
> share modes = No
>
> [library]
> path = /media/library
> read only = No
> directory mask = 0775
> #force group = +dmfwrite
> [cam]
> path = /media2/cam
> read only = No
> directory mask = 0775
> #force group = +dmfwrite
>
>
Jeremy already asked for more information, but, just to clarify, are you
talking about primary group working and
supplementary groups failing, where access is controlled by giving
permission to a group which is in the
supplementary groups list of a user?
If so, there is a known problem with non-Linux Sambas and having more than
16 or 32 supplementary groups. Might this be what you're seeing on an
SGI, or is
this a purely Linux regression?
--dave
--
David Collier-Brown, | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
davecb at spamcop.net | -- Mark Twain
(416) 223-8968
More information about the samba-technical
mailing list