[PATCH] Fix bug #9878 - force user does not work as expected.

Jeremy Allison jra at samba.org
Wed Mar 19 10:22:24 MDT 2014


On Wed, Mar 19, 2014 at 05:06:11PM +0100, Andreas Schneider wrote:
> On Wednesday 19 March 2014 09:03:11 Jeremy Allison wrote:
> > On Wed, Mar 19, 2014 at 04:58:47PM +0100, Andreas Schneider wrote:
> > > On Wednesday 19 March 2014 08:43:56 Jeremy Allison wrote:
> > > > On Wed, Mar 19, 2014 at 04:16:16PM +0100, Andreas Schneider wrote:
> > > > > Houston, we have a problem!
> > > > > 
> > > > > I have a print$ share with force group which stops working after this
> > > > > patch!
> > > > > 
> > > > > [print$]
> > > > > 
> > > > >         comment = Printer Drivers
> > > > >         path = /var/lib/samba/drivers
> > > > >         write list = @ntadmin root
> > > > >         force group = ntadmin
> > > > >         create mask = 0664
> > > > >         directory mask = 0775
> > > > > 
> > > > > I'm connecting as LEVEL1+Administrator who is a member of the group
> > > > > ntadmin. I'm not able to upload printer drivers after the patch is
> > > > > applied. If I revert the patch, I can upload printer drivers again.
> > > > 
> > > > Debug level 10 logs please...
> > > > 
> > > > Jeremy.
> > > 
> > > This is the log giving me an error pushing the files to the print$ share.
> > > If you want a log with the patch reverted let me know.
> > 
> > What error message are you seeing ? I don't see an "ACCESS_DENIED"
> > in this log, which is what I'd expect.
> 
> The error message popup is:
> 
> 	An error occured while copying file hpcdmc64.dll
> 
> 	Cannot copy file to destination directory.
> 
> 	Click Retry to retry the operation or click Cancel to

Ok, looks like it's a group resolution failure.

When attaching to print$ we get:

  is_share_read_only_for_user: share print$ is read-only for unix user LEVEL1+administrator

which means that the group lookup for @ntadmin isn't
working correctly.

I'll send you some patches to expand debug in token_contains_name_in_list()
so we can see what is happening.

Jeremy.


More information about the samba-technical mailing list