problem with chgrp

Whit Armstrong armstrong.whit at gmail.com
Mon Feb 2 18:33:31 GMT 2009 

I have a user who is unable to chgrp on a file.  Other samba users are
able to chgrp on the file.  Both users are able to chgrp on the file
on another server, so the groups appear to be set up correctly (i.e.
users cannot chgrp on a file to a group of which they are not a
member).  So, my guess is that there is some kind of sync issue
between this server and the windows PDC.

Is there a way to force samba to reload the sid/gid map without
rebooting the server?

I have tried to restarting samba/winbind quite a few times.

Here is the relevant section of my smb.conf file:

[global]
   workgroup = JJJ
   realm = JJJ.CORP

   domain master = no
   local master = no
   preferred master = no
   os level = 0

   server string = %h server
   security = ads
   encrypt passwords = true
   log level = 10
   log file = /var/log/samba/log.%m
   max log size = 1000
   winbind enum groups = yes
   winbind enum users = yes
   winbind use default domain = yes
   winbind nested groups = yes
   winbind refresh tickets = yes
   allow trusted domains = No
   idmap backend = rid:JJJ=10000-20000
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   template shell = /bin/bash
   template homedir = /home/%U
   client use spnego = yes
   smb ports = 139

Here is my test case in which both users are members of the slurmg
group.  one _can_ chgrp on the file, the other can't...


[warmstrong at linuxsvr tmp]$ sudo -u abierbryer bash
[abierbryer at linuxsvr tmp]$ touch test
[abierbryer at linuxsvr tmp]$ chgrp slurmg test
[abierbryer at linuxsvr tmp]$ ls -la test
-rw-rw-r-- 1 abierbryer slurmg 0 Feb  2 12:11 test
[abierbryer at linuxsvr tmp]$ rm test
[abierbryer at linuxsvr tmp]$ exit
exit


[warmstrong at linuxsvr tmp]$ sudo -u kkashef bash
[kkashef at linuxsvr tmp]$ touch test
[kkashef at linuxsvr tmp]$ ls -la test
-rw-rw-r-- 1 kkashef domain users 0 Feb  2 12:12 test
[kkashef at linuxsvr tmp]$ chgrp slurmg test
chgrp: changing group of `test': Operation not permitted
[kkashef at linuxsvr tmp]$ ls -la test
-rw-rw-r-- 1 kkashef domain users 0 Feb  2 12:12 test
[kkashef at linuxsvr tmp]$ rm test
[kkashef at linuxsvr tmp]$ exit
exit
[warmstrong at linuxsvr tmp]$


[warmstrong at linuxsvr ~]$ getent group|grep slurmg
slurmg:*:11204:kkashef,abierbryer,gsinha,warmstrong
[warmstrong at linuxsvr ~]$


Any suggestions would be appreciated.

Thanks,
Whit

More information about the samba-technical mailing list