[Samba] samba ignores supplementary groups for acl
Gerald (Jerry) Carter
jerry at samba.org
Fri Jul 29 22:08:35 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Kent Tong wrote:
| CYBERLAB+kent at cladms003:~$ getfacl /var/Share/
| getfacl: Removing leading '/' from absolute path names
| # file: var/Share
| # owner: root
| # group: root
| user::rwx
| group::r-x
| group:staff:r-x
| mask::r-x
| other::---
| default:user::rwx
| default:group::r-x
| default:group:staff:r-x
| default:mask::r-x
| default:other::---
|
| CYBERLAB+kent at cladms003:~$ id
| uid=10000(CYBERLAB+kent) gid=10000(CYBERLAB+domain users)
| groups=50(staff),10000 (CYBERLAB+domain users),
| 10001(CYBERLAB+staffs)
....
| I believe this problem only happens when used with
| winbind (a domain user whose is in a linux group). If I
| set security to user and access the share as linux user
| "kent" who is in the "staff" group (but not primary group),
| then it will work.
This is actually by design. smbd only uses the Windows group
when setting the group list for a domain user. So you cannot
mix winbind and unix groups.
cheers, jerry
=====================================================================
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFC6qjjIR7qMdg1EfYRAgbPAKCOkMi/VFbQ1Wwn+1Ijk8AdMXqS5wCfQxdy
9Ck0NkIQpGlq/U8mypf3dco=
=Z7yc
-----END PGP SIGNATURE-----
More information about the samba
mailing list