[Samba] Permission weirdness
chrisd at better-investing.org
Thu Sep 9 18:29:24 GMT 2004
I am running samba 3.0.5 in an ADS environment. I have a win2k3 server as the
DC and my samba machine (running on Gentoo Linux) is a member of that domain.
I am using winbind.
I have three users, for this example I will call them Larry, Curly and Moe.
All three have RW access to a share on the server called "stooges". The
linux perms on this directory look like this:
drwxrwx--- root DOMAIN+stooges_ stooges
There are other users who are members of the DOMAIN+stooges group, but these
three are in charge and need access to a more restricted subdirectory of
stooges. So I made a stooges_CIA directory under the stooges share.
Its linux perms look like this:
drwxrwx--- root DOMAIN+stooges_CIA_ stooges_CIA
Larry, Curly and Moe are all members of both the DOMAIN+stooges_CIA_ (only
those three) and the DOMAIN+stooges_ groups (those 3 plus other users in the
Now here is the strange part:
Larry and curly can access everything in the share stooges and the
subdirectory stooges_CIA. Moe, can access everyting in the stooges share but
NOT anything in the stooges_CIA subdir.
This makes absolutely no sense to me! Moe is a group member of
DOMAIN+stooges_CIA. He shows up thusly when I do a 'getent group' or when I
do a 'groups DOMAIN+moe'. Likewise, he shows up on the domain controller as
being part of that group. *BOTH* systems have him listed in that group --
but for some reason he has no access!
He gets this error:
"\\server\stooges\stooges_CIA is not accessible. You might not have
permission to use this network resource. Contact the administrator of this
server to find out if you have access permissions."
What the heck is going on here?
More information about the samba