[Samba] Unable to give users access to folders within Samba share

Adam Nielsen adam.nielsen at uq.edu.au
Thu Dec 8 00:23:49 GMT 2005 

Hi,

I'm trying to give my users access to a folder contained within a Samba
share, e.g.

$ ls share

drwxrwsr-x  14 fsuser DOMAIN\OldGroup      432 2005-12-07 15:35 .
drwxr-xr-x   6 root   root                 128 2005-11-17 12:33 ..
drwxrwsr-x   3 fsuser DOMAIN\OldGroup      136 2005-11-22 16:56 Archive
drwxrwsr-x   2 fsuser DOMAIN\NewGroup       48 2005-12-07 15:35 test

Note that the groups have write access to these folders, so I expect
anyone in DOMAIN\OldGroup to have write access to 'Archive' and anyone
in DOMAIN\NewGroup to have write access to 'test'.

This is partially working, in that I added users to OldGroup, then set
up winbind, and now all the users originally added to OldGroup have
write access to 'Archive' but nobody else.

Since then I have created a new group called NewGroup and added some
users to it (myself included), however nobody can write to the folder
owned by NewGroup, even though everyone is a member in exactly the same
way as they were with OldGroup.  Even stranger, users that I've added
to OldGroup since setting up winbind don't have access to the OldGroup
folder.

I thought this was perhaps an issue with winbind not updating the group
membership, except that this appears to be happening:

$ getent group DOMAIN\\OldGroup
DOMAIN\OldGroup:x:10097:DOMAIN\OldUser1,DOMAIN\NewUser1

$ getent group DOMAIN\\NewGroup
DOMAIN\NewGroup:x:10097:DOMAIN\OldUser1,DOMAIN\NewUser1

Yet if DOMAIN\OldUser1 connects, that user has write access to
'Archive' (which was set up before winbind) but not 'test' (which was
set up after winbind had been running for a while.)  NewUser1 doesn't
have write access to anything, as that user was added to both groups a
few weeks after winbind had been running (and the user has been in the
groups for about a week now, which should be ample time for any caches
to expire.)

Has anyone experienced this before?  I didn't think Samba cached these
values long-term, but it certainly doesn't look like winbind does.

Thanks,
Adam.

More information about the samba mailing list