[Samba] Group permissions and recursion
jra at samba.org
Wed Jun 28 00:52:37 GMT 2006
On Wed, Jun 28, 2006 at 10:40:38AM +1000, Adam Nielsen wrote:
> > > Here's the problem, a member of 'CATNET\adm staff' cannot access a
> > > file for which 'CATNET\adm' has r/w access
> > > (group:CATNET\134adm:rwx). But if
> FWIW, this works here (Samba 3.0.21rc2), but I did need 'winbind nested
> groups = yes' first. I don't seem to have changed much else in
> smb.conf that might affect this.
Ah, glad we're fixing bugs moving forward :-).
> This however, *doesn't* work. Running 'id' only tells me I'm a member
> of "DOMAIN\domain users" but it doesn't list *any* other groups I'm a
> member of.
> But Samba still gives me access if a group containing a group
> containing me has permission.
smbd has backdoors into winbindd that other processes don't.
Still, I thought 'winbind nested groups' expanded for NSS
groups - maybe not. I'd need to look at the code to be sure.
More information about the samba