[PATCH] Fix bug #9878 - force user does not work as expected.
Jeremy Allison
jra at samba.org
Wed Mar 19 10:22:24 MDT 2014
On Wed, Mar 19, 2014 at 05:06:11PM +0100, Andreas Schneider wrote:
> On Wednesday 19 March 2014 09:03:11 Jeremy Allison wrote:
> > On Wed, Mar 19, 2014 at 04:58:47PM +0100, Andreas Schneider wrote:
> > > On Wednesday 19 March 2014 08:43:56 Jeremy Allison wrote:
> > > > On Wed, Mar 19, 2014 at 04:16:16PM +0100, Andreas Schneider wrote:
> > > > > Houston, we have a problem!
> > > > >
> > > > > I have a print$ share with force group which stops working after this
> > > > > patch!
> > > > >
> > > > > [print$]
> > > > >
> > > > > comment = Printer Drivers
> > > > > path = /var/lib/samba/drivers
> > > > > write list = @ntadmin root
> > > > > force group = ntadmin
> > > > > create mask = 0664
> > > > > directory mask = 0775
> > > > >
> > > > > I'm connecting as LEVEL1+Administrator who is a member of the group
> > > > > ntadmin. I'm not able to upload printer drivers after the patch is
> > > > > applied. If I revert the patch, I can upload printer drivers again.
> > > >
> > > > Debug level 10 logs please...
> > > >
> > > > Jeremy.
> > >
> > > This is the log giving me an error pushing the files to the print$ share.
> > > If you want a log with the patch reverted let me know.
> >
> > What error message are you seeing ? I don't see an "ACCESS_DENIED"
> > in this log, which is what I'd expect.
>
> The error message popup is:
>
> An error occured while copying file hpcdmc64.dll
>
> Cannot copy file to destination directory.
>
> Click Retry to retry the operation or click Cancel to
Ok, looks like it's a group resolution failure.
When attaching to print$ we get:
is_share_read_only_for_user: share print$ is read-only for unix user LEVEL1+administrator
which means that the group lookup for @ntadmin isn't
working correctly.
I'll send you some patches to expand debug in token_contains_name_in_list()
so we can see what is happening.
Jeremy.
More information about the samba-technical
mailing list