[Samba] what samba file do I need to change when manually changing gid in /etc/group file?

Urs Rau urs.rau at uk.om.org
Mon May 29 11:46:58 GMT 2006


Sorry for appearing to answer my own post. I just thought I might not
have given enough detail.

Urs Rau wrote:
> I have a need to renumber some of my /etc/group numbers from below 100
> to a value that is above 500. (e.g 88 -> 535, 91 -> 632, etc etc, about
> 9 changes in total)
> 
> If I had to do this in an earlier version of samba then I think the
> correct files I would have to keep in sync would be /etc/group and
> /etc/samba/smbpasswd, simply changing the gid from the value below 100
> to its new value above 500. And then of course run a script that does
> those changes for all directories and files owned by that old low
> numbered group against the filesystem.
> 
> But now that I am using samba-3.0.14a-2 it looks as if this
> version no longer stores the gid in the /etc/samba/smbpasswd file, as this file is
> now empty. Does samba now build the group sid dynamically from the
> values in /etc/group, or do I have to tell samba somehow, somewhere that
> the gid value for the low numbered gid is now such and such higher
> numbered value?

Maybe the answer depends on how I am running samba on this machine? Well
it is a PDC of a domain with name 'WORKGROUP'. Here are hopefully the
relevant lines from the testparm output.

# Global parameters
# Effective [global] settings as printed by testparm (this looks like the
# verbose form, which also lists parameters that were left unset).
# Review notes are on '#' lines of their own.
[global]
	dos charset = CP850
	unix charset = UTF-8
	display charset = LOCALE
	workgroup = WORKGROUP
	realm =
	netbios name = LINUX
	netbios aliases =
	netbios scope =
	server string = ""
	# Listen only on the two LAN addresses and loopback.
	interfaces = 10.37.1.200/24, 10.37.2.200/24, lo
	bind interfaces only = Yes
	# User-level authentication with encrypted (hashed) passwords.
	security = USER
	auth methods =
	encrypt passwords = Yes
	update encrypted = No
	client schannel = Auto
	server schannel = Auto
	allow trusted domains = Yes
	hosts equiv =
	# NOTE(review): a five-character minimum is short for domain accounts.
	min password length = 5
	# Failed logons are rejected rather than mapped to the guest account.
	map to guest = Never
	null passwords = No
	obey pam restrictions = No
	password server = *
	# The smbpasswd path is only used by the smbpasswd backend. With tdbsam
	# selected below, accounts are kept in a TDB database (normally
	# passdb.tdb under 'private dir'), so an empty smbpasswd file is expected.
	smb passwd file = /etc/samba/smbpasswd
	private dir = /etc/samba
	passdb backend = tdbsam
	# Base used when a RID is computed from a Unix id instead of being mapped.
	algorithmic rid base = 1000
	root directory =
	guest account = nobody
	enable privileges = Yes
	pam password change = No
	# With 'unix password sync = Yes' smbd runs this program as root when a
	# password is changed; %u expands to the user name. The script is
	# site-local and not shown here.
	# NOTE(review): confirm it validates the name it is handed.
	passwd program = /usr/local/sbin/sysadm-samba.pl --changepw=%u
	passwd chat = *new*password* %n\n *changed*
	passwd chat debug = No
	passwd chat timeout = 2
	check password script =
	username map =
	password level = 0
	username level = 0
	unix password sync = Yes
	# 0 puts no extra limits on anonymous (null-session) connections.
	# NOTE(review): on a PDC consider a higher value if clients allow it.
	restrict anonymous = 0
	# Server side: LANMAN and NTLMv1 responses are both accepted.
	# NOTE(review): LANMAN hashes are weak; set 'lanman auth = No' once no
	# legacy client depends on it.
	lanman auth = Yes
	ntlm auth = Yes
	# Client side (when this host connects to other servers): NTLMv2 is not
	# used, and LANMAN or plaintext passwords may be sent if the server asks.
	# NOTE(review): tighten these three where the peers support it.
	client NTLMv2 auth = No
	client lanman auth = Yes
	client plaintext auth = Yes
	# Logging, protocol negotiation and tuning parameters of the same
	# [global] dump.
	preload modules =
	use kerberos keytab = No
	# Low verbosity; authentication failures may need a higher level to be
	# logged in useful detail.
	log level = 1
	syslog = 1
	syslog only = No
	log file =
	max log size = 5000
	debug timestamp = Yes
	debug hires timestamp = No
	debug pid = No
	debug uid = No
	# NetBIOS session service (139) and direct SMB over TCP (445).
	smb ports = 139 445
	large readwrite = Yes
	# Dialect range offered to clients: from CORE up to NT1.
	max protocol = NT1
	min protocol = CORE
	read bmpx = No
	read raw = No
	write raw = Yes
	disable netbios = No
	acl compatibility =
	defer sharing violations = Yes
	nt pipe support = Yes
	nt status support = Yes
	announce version = 4.9
	announce as = NT
	max mux = 50
	max xmit = 16644
	name resolve order = lmhosts hosts wins bcast
	max ttl = 259200
	max wins ttl = 518400
	min wins ttl = 21600
	time server = Yes
	# Lets Unix clients use the CIFS Unix extensions; see the note a
	# reviewer would attach to 'wide links = Yes' later in this dump.
	unix extensions = Yes
	use spnego = Yes
	# The server does not offer SMB signing; as a client it signs only when
	# the peer offers it.
	# NOTE(review): without signing, sessions are not integrity-protected;
	# consider 'server signing = auto' if the clients cope with it.
	client signing = auto
	server signing = No
	client use spnego = Yes
	change notify timeout = 60
	deadtime = 0
	getwd cache = Yes
	keepalive = 300
	kernel change notify = Yes
	lpq cache time = 60
	max smbd processes = 0
	paranoid server security = Yes
	max disk size = 0
	max open files = 10000
	# The value continues on the next line; the break appears to come from
	# the mail client's line wrapping, not from the configuration itself.
	socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192
SO_SNDBUF=8192
	use mmap = Yes
	hostname lookups = No
	name cache timeout = 660
	# Printing, account-management hooks, domain logon, browsing, WINS and
	# locking parameters of the same [global] dump.
	load printers = Yes
	printcap cache time = 0
	printcap name = cups
	cups server =
	disable spoolss = No
	# Site-local helper executed by smbd; its contents are not shown here.
	enumports command = /usr/local/bin/samba_enumports.sh
	addprinter command =
	deleteprinter command =
	show add printer wizard = Yes
	os2 driver map =
	mangling method = hash2
	mangle prefix = 1
	stat cache = Yes
	# 604800 seconds = 7 days between machine account password changes.
	machine password timeout = 604800
	# No user or group management scripts are configured, so Unix accounts
	# and groups are maintained outside Samba.
	add user script =
	delete user script =
	add group script =
	delete group script =
	add user to group script =
	delete user from group script =
	set primary group script =
	# Creates the Unix account when a workstation joins the domain (%u is
	# the machine account name). The group is given by name ('machines'),
	# the shell is /bin/false and the home directory /dev/null. The command
	# continues on the next line; the break appears to be a mail-client wrap.
	add machine script = /usr/sbin/adduser -n -g machines -c Machine -d
/dev/null -s /bin/false %u
	shutdown script =
	abort shutdown script =
	# Domain logon settings: logon script, roaming profile path and home
	# share, built from the server name (%L) and user name (%U).
	logon script = logon.bat
	logon path = \\%L\profiles\%U
	logon drive = h:
	logon home = \\%L\%U\.profile
	# Domain logons plus domain master with the maximum OS level: this is
	# the PDC role described in the message.
	domain logons = Yes
	os level = 255
	lm announce = Auto
	lm interval = 60
	preferred master = Yes
	local master = Yes
	domain master = Yes
	browse list = Yes
	enhanced browsing = Yes
	dns proxy = Yes
	wins proxy = No
	wins server =
	# This host is itself the WINS server.
	wins support = Yes
	wins hook =
	wins partners =
	kernel oplocks = Yes
	lock spin count = 3
	lock spin time = 10
	oplock break wait time = 0
	# LDAP, share-management hooks, state directories, id mapping and
	# winbind parameters of the same [global] dump.
	# The LDAP suffixes and admin DN are empty; the dump selects tdbsam as
	# the passdb backend, so these appear to be unused.
	ldap admin dn =
	ldap delete dn = No
	ldap filter = (uid=%u)
	ldap group suffix =
	ldap idmap suffix =
	ldap machine suffix =
	ldap passwd sync = no
	ldap replication sleep = 1000
	ldap suffix =
	ldap ssl =
	ldap timeout = 15
	ldap user suffix =
	add share command =
	change share command =
	delete share command =
	config file =
	preload =
	# Samba keeps its TDB state files here.
	# NOTE(review): group_mapping.tdb is presumably among them; check it
	# (for example with 'net groupmap list') before renumbering gids.
	lock directory = /var/cache/samba
	pid directory = /var/run
	utmp directory =
	wtmp directory =
	utmp = No
	default service =
	# Run through a shell for every WinPopup-style message: %s is the file
	# holding the message, %f the sender name as supplied by the client.
	# NOTE(review): confirm the running version sanitises %f before it
	# reaches bash, or clear this command if messaging is not used.
	message command = bash -c 'cat %s | logger -t %f' &
	dfree command =
	get quota command =
	set quota command =
	remote announce = 10.37.2.255/24
	remote browse sync = 10.37.2.240
	socket address = 10.37.1.200 10.37.2.200 127.0.0.1
	homedir map = auto.home
	afs username map =
	afs token lifetime = 604800
	log nt token command =
	time offset = 0
	NIS homedir = No
	panic action =
	host msdfs = No
	# NOTE(review): with the RID algorithm enabled and no idmap ranges set,
	# RIDs for groups without an explicit mapping are presumably derived
	# from the Unix gid, so renumbering a gid would change that group's
	# SID; verify against the existing group mappings.
	enable rid algorithm = Yes
	idmap backend =
	idmap uid =
	idmap gid =
	template primary group = nobody
	template homedir = /home/%D/%U
	template shell = /bin/false
	winbind separator = \
	winbind cache time = 300
	winbind enable local accounts = No
	winbind enum users = Yes
	winbind enum groups = Yes
	winbind use default domain = No
	winbind trusted domains only = No
	winbind nested groups = No
	# Share-level parameters. Printed under [global], they act as the
	# defaults every share inherits unless it overrides them.
	comment =
	path =
	username =
	invalid users =
	valid users =
	# Users listed here perform all file operations as root on a share.
	# NOTE(review): set at global level this applies to every share that
	# does not override it; keep the list as short as possible.
	admin users = root, sysadmin, Administrator, admin
	read list =
	write list =
	# Groups (@name) and users allowed to administer printers; the groups
	# are referenced by name, not by gid. The list continues on the next
	# line; the break appears to be a mail-client wrap.
	printer admin = @dom_admin, @app_admin, root, sysadmin, Administrator,
admin
	force user =
	force group =
	read only = No
	# Permission defaults for new files and directories. The 02000 bit in
	# the directory modes is setgid, so new entries take the group of the
	# parent directory.
	create mask = 0744
	force create mode = 0660
	security mask = 0777
	force security mode = 00
	directory mask = 02770
	force directory mode = 02000
	directory security mask = 0777
	force directory security mode = 00
	force unknown acl user = No
	inherit permissions = No
	inherit acls = No
	# Guest access is off by default.
	guest only = No
	guest ok = No
	only user = No
	# No host-based allow or deny list; network exposure is limited only by
	# the 'interfaces' / 'bind interfaces only' settings in this dump.
	hosts allow =
	hosts deny =
	allocation roundup size = 1048576
	ea support = No
	nt acl support = Yes
	profile acls = No
	map acl inherit = Yes
	afs share = No
	block size = 1024
	max connections = 0
	min print space = 2048
	strict allocate = No
	strict sync = No
	sync always = No
	use sendfile = No
	write cache size = 0
	max reported print jobs = 0
	max print jobs = 1000
	printable = No
	printing = cups
	cups options = "raw"
	print command =
	lpq command = %p
	lprm command =
	lppause command =
	lpresume command =
	queuepause command =
	queueresume command =
	printer name =
	use client driver = No
	default devmode = No
	force printername = No
	default case = lower
	case sensitive = Auto
	preserve case = Yes
	short preserve case = Yes
	mangling char = ~
	hide dot files = Yes
	hide special files = No
	hide unreadable = No
	hide unwriteable files = No
	delete veto files = No
	veto files = lost+found/proc/dev
	hide files =
	# File patterns for which oplocks are never granted. The list is on the
	# next line; the break appears to be a mail-client wrap.
	veto oplock files =
/*.mdb/*.MDB/*.dbf/*.DBF/*.eml/*.nws/*.EML/*.NWS/*.{*}/*.doc/*.DOC/*.xls/*.XLS/*.ldb/*.LDB/*.ppt/*.PPT/*.pub/*.PUB/*.pst/*.PST/*.pmm/*.PMM/*.pmi/*.PMI/*.cnm/*.CNM
	map system = No
	map hidden = No
	map archive = Yes
	mangled names = Yes
	mangled map =
	store dos attributes = No
	browseable = Yes
	blocking locks = Yes
	csc policy = manual
	fake oplocks = No
	locking = Yes
	oplocks = Yes
	level2 oplocks = Yes
	oplock contention limit = 2
	posix locking = Yes
	strict locking = Yes
	share modes = Yes
	copy =
	include =
	# No pre/post-exec hooks are configured.
	preexec =
	preexec close = No
	postexec =
	root preexec =
	root preexec close = No
	root postexec =
	available = Yes
	volume =
	fstype = NTFS
	set directory = No
	# 'wide links' lets smbd follow symlinks that point outside the share.
	# NOTE(review): this dump also has 'unix extensions = Yes', which lets
	# Unix clients create symlinks. Later Samba releases turn wide links
	# off when unix extensions are enabled; consider 'wide links = No'
	# unless links leaving the share are really needed.
	wide links = Yes
	follow symlinks = Yes
	dont descend =
	magic script =
	magic output =
	delete readonly = No
	dos filemode = No
	dos filetimes = Yes
	dos filetime resolution = Yes
	fake directory create times = No
	vfs objects =
	msdfs root = No
	msdfs proxy =

Thanks for any help in how I tell samba about the linux gid numbers.

Regards,

-- 
Urs Rau						


