[Samba] user in two groups - acl problem
Gerald (Jerry) Carter
jerry at samba.org
Thu Feb 13 17:47:18 GMT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, 11 Feb 2003 Jurica.Motusic at megatrend.com wrote:
> I have samba, winbind, w2k domain. Everything works fine BUT
>
> User "test" is member of group "ALL" and group "MARKETING"
> Group ALL have all permission on folder COMPANY, and group MARKETING
> doesn't have any access (deny) .
>
> User test still can access folder COMPANY.
>
> If I explicitly deny user test to access that folder then it's OK.
>
> Why? Is it possible to deny access to folder COMPANY to group MARKETING
> by using groups.
under the posix acl model, the user gets the sum of the group permissions.
an explicitly named user entry takes preference though so if you
exlicitly assign the user --- permissions, then he/she will get just that.
cheers, jerry
----------------------------------------------------------------------
Hewlett-Packard ------------------------- http://www.hp.com
SAMBA Team ---------------------- http://www.samba.org
GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
"You can never go home again, Oatman, but I guess you can shop there."
--John Cusack - "Grosse Point Blank" (1997)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/
iD8DBQE+S9omIR7qMdg1EfYRAvx6AKCSBfey2tKJQNkf4BuMDle2GjxhhwCfXNVp
8SD0rwlGUAswWcWOpynUJ0o=
=iRqn
-----END PGP SIGNATURE-----
More information about the samba
mailing list