strange permission problem

MCCALL,DON (HP-USA,ex1) don_mccall at
Thu Feb 22 13:29:51 GMT 2001

I think this is a side effect of the force group parameter you have for this

share; what it actually does is effectively change the effective groupid of
whoever is attaching to the share to that group; this has the effect of 
1. making sure that any file or directory created on the share owned by that
   group (which is what most people use it for)
2. making all the files with group permissions for that group on that share
   accessible to whoever has attached to that share (since their egid is now
   that group) - this is I THINK what is concerning you.

Hope this helps,

-----Original Message-----
From: Zheng Liu [mailto:liu at TI.FhG.DE]
Sent: Thursday, February 22, 2001 3:35 AM
To: samba at
Subject: strange permission problem

I have suddenly a very strange permission probelm with the shares.
No matter what the read permissions in Linux are, ANY user can read 
EVERY file in a share.  For example I have a shere:
   comment = pictures from spy cam
   path = /export/spycam
   public = yes
   create mask = 0660
   directory mask = 0770
   read list = @smbadm
   force group = smbadm

and the directory /export/spycam has permission mode:

drwxrwx---   3 root     smbadm       4096 Sep 19 10:06 /export/spycam/

And it STILL lets everyone read all the files in this directory.  It
seem to matter who I log into the domain as, if they are a valid
username under Linux, it lets them into the share, and then lets them
read all the files.  The permissions also work fine from within the
Linux environment (no surprise.)  So samba is using its root-ness to
allow the files to be delivered to any user.  Please let me know what
I can do or try, this is really scary... Hier is global section of my

   workgroup = MYDOMAIN
   guest account = nobody
   keep alive = 30
   os level = 65
   kernel oplocks = false
   security = user
   socket options = TCP_NODELAY
   map to guest = Bad User

More information about the samba mailing list