Problem related to ID_TYPE_BOTH -Need suggestion
Stefan (metze) Metzmacher
metze at samba.org
Thu Jul 18 06:22:32 MDT 2013
Hi Abhidnya,
> With this change, where user is getting set as group, file access through
> Samba works fine. But If we want to export same share with NFS then it
> gives access denied for user testuser1 (This I tried on GPFS). This is
> because while evaluating access, GPFS gets no ACE with user testuser1 and
> its neither part of group testuser1 (as it was set by Samba). Also when I
> try to access file locally on GPFS as testuser1, it gets access denied.
> The ACLs on file in GPFS look like
>
> group:VIRTUAL1\administrator:rwxc:allow
> (X)READ/LIST (X)WRITE/CREATE (-)MKDIR (X)SYNCHRONIZE (X)READ_ACL
> (X)READ_ATTR (X)READ_NAMED
> (-)DELETE (-)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL
> (X)WRITE_ATTR (X)WRITE_NAMED
>
> group:VIRTUAL1\testuser1:rwxc:allow
> (X)READ/LIST (X)WRITE/CREATE (-)MKDIR (X)SYNCHRONIZE (X)READ_ACL
> (X)READ_ATTR (X)READ_NAMED
> (X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL
> (X)WRITE_ATTR (X)WRITE_NAMED
>
> Thus I think ID_TYPE_BOTH support + sid_to_gid() call first will cause
> problem with multi protocol environment.
I guess we need to fix pam_winbind or nss_winbind, so that the user gets
the correct
unix token also on the command line or via nss.
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20130718/1ac69a7c/attachment.pgp>
More information about the samba-technical
mailing list