[Samba] samba ignores supplementary groups for acl

Kent Tong kent at cpttm.org.mo
Thu Jul 28 03:13:40 GMT 2005


Hi,

I'm running samba 3.0.14a-3 on Debian sarge (sparc). The filesystem
is ext3 with acl support. winbind works fine. Please see below. 
when I am logged in using ssh, I can list the files in a folder 
(/var/Share) for which the group "staff" has r-x permissions. The 
problem is I can't list the folder through samba:

$ ssh cyberlab+kent at cladms003
Password:
Linux cladms003 2.6.8-2-sparc64 #1 Wed Mar 23 04:23:37 EST 2005 sparc64 GNU/Linux
Last login: Thu Jul 28 10:13:46 2005 from 172.18.17.237

CYBERLAB+kent at cladms003:~$ getfacl /var/Share/
getfacl: Removing leading '/' from absolute path names
# file: var/Share
# owner: root
# group: root
user::rwx
group::r-x
group:staff:r-x
mask::r-x
other::---
default:user::rwx
default:group::r-x
default:group:staff:r-x
default:mask::r-x
default:other::---

CYBERLAB+kent at cladms003:~$ id
uid=10000(CYBERLAB+kent) gid=10000(CYBERLAB+domain users) groups=50(staff),10000
(CYBERLAB+domain users),10001(CYBERLAB+staffs)

CYBERLAB+kent at cladms003:~$ ls -l /var/Share/
total 24
drwxr-x---+ 16 root root 4096 2005-07-25 18:14 Applications
drwxr-x---+ 11 root root 4096 2005-07-25 21:30 Data
drwxr-x---+ 63 root root 4096 2005-07-26 17:37 Packages

In a DOS prompt on a Windows 2000 client:

C:\>net use f: \\cladms003\Share
command completed successfully

C:\>dir f:
access denied

I believe this problem only happens when used with winbind (a domain
user whose is in a linux group). If I set security to user and access 
the share as linux user "kent" who is in the "staff" group (but not 
primary group), then it will work.

Thanks for any info!




More information about the samba mailing list