[Samba] samba says "you have right" but I must not have right
(Important - SECURITY ISSUE)
Andrew Bartlett
abartlet at samba.org
Fri Jan 9 21:45:16 GMT 2004
On Fri, Jan 09, 2004 at 02:25:08PM +0100, stephane.purnelle at corman.be wrote:
> My Samba 3.0.1 is configured with LDAP SAM and ACL on XFS filesystem.
>
> For a test, I added my user to the group "cadres". This group is in ACL
> definition of my directory.
>
> # file: Projets
> # owner: root
> # group: root
> user::rwx
> user:asi:rwx
> group::rwx
> group:administrateurs
> group:cdir:r-x
> group:jardin:r-x
> group:cadres:r-x
> mask::rwx
> other::---
> default:user::rwx
> default:user:asi:rwx
> default:group::rwx
> default:group:adminis
> default:mask::rwx
> default:other::---
>
> In my explorer, the directory Projets appear, the directory is available.
> After, I modifed my group "cadres" and I supress my account from group.
>
> since more than 1 hour, I can see and acces to directory but in unix
> console I cannot and I must don't access to this directory.
> The only possibility than I have is : "killing my connection with SWAT"
>
>
> I looking the source and I think that is the NT_USER_TOKEN information is
> not updated after connection or if these informations is updated not
> correctly.
> I propose that samba refresh correcly these information every five minutes
> or a parameter REFRECH_USRE_INFO in smb.conf.
You will find that all Unix, NT and Win2k systems function in this way. A
user's group permissions last until they logout.
Andrew Bartlett
More information about the samba
mailing list