[Samba] Permission weirdness

Chris chrisd at better-investing.org
Thu Sep 9 18:29:24 GMT 2004


I am running samba 3.0.5 in an ADS environment.  I have a win2k3 server as the 
DC and my samba machine (running on Gentoo Linux) is a member of that domain.  
I am using winbind.

I have three users; for this example I will call them Larry, Curly and Moe.  
All three have RW access to a share on the server called "stooges".  The 
Linux perms on this directory look like this:

drwxrwx---  root DOMAIN+stooges_         stooges

There are other users who are members of the DOMAIN+stooges group, but these 
three are in charge and need access to a more restricted subdirectory of 
stooges.  So I made a stooges_CIA directory under the stooges share.

Its Linux perms look like this:

drwxrwx--- root DOMAIN+stooges_CIA_   stooges_CIA

Larry, Curly and Moe are all members of both the DOMAIN+stooges_CIA_ (only 
those three) and the DOMAIN+stooges_ groups (those 3 plus other users in the 

Now here is the strange part:

Larry and Curly can access everything in the share stooges and the 
subdirectory stooges_CIA.  Moe can access everything in the stooges share but 
NOT anything in the stooges_CIA subdir. 

This makes absolutely no sense to me!  Moe is a group member of 
DOMAIN+stooges_CIA.  He shows up thusly when I do a 'getent group' or when I 
do a 'groups DOMAIN+moe'.  Likewise, he shows up on the domain controller as 
being part of that group.  *BOTH* systems have him listed in that group -- 
but for some reason he has no access!

He gets this error:

"\\server\stooges\stooges_CIA is not accessible.  You might not have 
permission to use this network resource.  Contact the administrator of this 
server to find out if you have access permissions." 

What the heck is going on here?



