[PATCH] s3-printing: follow force user/group for driver IO
Stefan (metze) Metzmacher
metze at samba.org
Thu Mar 3 02:28:09 MST 2011
Hi David,
Am 02.03.2011 23:51, schrieb David Disseldorp:
> Configuring force user/group settings for the print$ share currently has
> unexpected results, this is explained by how the driver upload/add
> process takes place. Consider the following example:
>
> [print$]
> path = /print-drv
> write list = $DRIVER_UPLOAD_USER
> force group = ntadmin
>
> - the client connects to the [print$] share and uploads all driver
> files to the /print-drv/W32X86 directory.
>
> - This is permitted, as /print-drv/W32X86 is owned by group ntadmin, and
> the "force group = ntadmin" takes effect for the [print$] session.
>
> - Once all files are uploaded, the client connects to the [ipc$]
> share and issues an AddPrinterDriverEx spoolss request.
>
> - In handling this request move_driver_to_download_area() is called,
> which attempts to create the directory /print-drv/W32X86/3
>
> - The create directory fails, as it is done as the user connected to
> the [ipc$] share which does not have permission to write to the driver
> directory. The [print$] "force group = ntadmin" has no effect.
>
> This is a regression from previous behaviour prior to the commit:
> 783ab04 Convert move_driver_to_download_area to use create_conn_struct.
Does this change the group token of the connection_struct of the ipc$
tree connect that was done by the client or does this code create
a faked connection_struct that represents the print$ share (and you
just fix the token on this one)?
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20110303/ae615df7/attachment.pgp>
More information about the samba-technical
mailing list