[Samba] samba says "you have right" but I must not have right (Important - SECURITY ISSUE)

stephane.purnelle at corman.be stephane.purnelle at corman.be
Fri Jan 9 13:25:08 GMT 2004


My Samba 3.0.1 is configured with LDAP SAM and ACL on XFS filesystem.

For a test, I added my user to the group "cadres". This group is in ACL
definition of my directory.

# file: Projets
# owner: root
# group: root
user::rwx
user:asi:rwx
group::rwx
group:administrateurs
group:cdir:r-x
group:jardin:r-x
group:cadres:r-x
mask::rwx
other::---
default:user::rwx
default:user:asi:rwx
default:group::rwx
default:group:adminis
default:mask::rwx
default:other::---

In my explorer, the directory Projets appear, the directory is available.
After, I modifed my group "cadres" and I supress my account from group.

since more than 1 hour, I can see and acces to directory but in unix
console I cannot and I must don't access to this directory.
The only possibility than I have is : "killing my connection with SWAT"


I looking the source and I think that is the NT_USER_TOKEN information is
not updated after connection or if these informations is updated not
correctly.
I propose that samba refresh correcly these information every five minutes
or a parameter REFRECH_USRE_INFO in smb.conf.

please help me.

     Stéphane
     Samba Administrator.

-----------------------------------
Stéphane PURNELLE                         stephane.purnelle at corman.be
Service Informatique       Corman S.A.           Tel : 00 32 087/342467



More information about the samba mailing list