[Samba] Group permissions and recursion

Jeremy Allison jra at samba.org
Wed Jun 28 00:52:37 GMT 2006

On Wed, Jun 28, 2006 at 10:40:38AM +1000, Adam Nielsen wrote:
> > > Here's the problem, a member of 'CATNET\adm staff' cannot access a
> > > file for which 'CATNET\adm' has r/w access
> > > (group:CATNET\134adm:rwx).  But if
> FWIW, this works here (Samba 3.0.21rc2), but I did need 'winbind nested
> groups = yes' first.  I don't seem to have changed much else in
> smb.conf that might affect this.

Ah, glad we're fixing bugs moving forward :-).

> This however, *doesn't* work.  Running 'id' only tells me I'm a member
> of "DOMAIN\domain users" but it doesn't list *any* other groups I'm a
> member of.
> But Samba still gives me access if a group containing a group
> containing me has permission.

smbd has backdoors into winbindd that other processes don't.
Still, I thought 'winbind nested groups' expanded for NSS
groups - maybe not. I'd need to look at the code to be sure.


More information about the samba mailing list