[Samba] Group permissions issue migrating from 2.2.8a to 3.0.23a

Tim Wunder tim at thewunders.org
Mon Jan 15 19:32:51 GMT 2007


Thanks for the response Thomas, questions below...

On Monday 15 January 2007 2:13 pm, you wrote:
> Tim Wunder wrote:
> > I have a share that worked fine in samba 2.2.8a, users were able to read
> > and write to the share, and edit files. After migrating to 3.0.23a, users
> > are no longer able to edit existing files.
>
> I would use 3.0.23d - there were some changes in group behaviour.
>
> > Samba 3.0.23a config:
> > [sales]
> >         comment = SALES
> >         path = /home/netshare/sales
> >         read list = @purch, @shipping
>
> Try       read list = +purch, +shipping
>
> >         write list = @adm, @mgt, @sales, @vag, +hap
>
> Try       write list = +adm, +mgt, +sales, +vag, +hap
>

Changing the @ to a + seems to make no difference.
Also, according to the Help file that came with samba, the @ is the proper 
syntax:
"This is a list of users that are given read-write access to a service. If the 
connecting user is in this list then they will be given write access, no 
matter what the read only option is set to. The list can include group names 
using the @group syntax."

> >         force group = +sales
>
> Try       force group = sales
>
> > I can only edit the file as user tpw. In samba 2.2.8a, anyone in the
> > sales group could edit the file.
>
> You need the '+' as group flag now (tested with 3.0.23d).
>
> > Additionally, it seems that samba is changing the group to tpw when
> > saving the file as user tpw. The unix group "sales" exists and the user
> > "tpw" is a member of that group. Shouldn't the "force group = +sales"
> > cause the group to be "sales" when the file is saved?
>
> No. You must have no group flag (+) in 'force group' because 'force
> group' forces ... a group and not also users as in 'read list' and
> 'write list' ;)

Again, according to the Help file, "In Samba 2.0.5 and above this parameter 
has extended functionality in the following way. If the group name listed 
here has a '+' character prepended to it then the current user accessing the 
share only has the primary group default assigned to this group if they are 
already assigned as a member of that group."

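The documented behaviour the thread is arguing about, as an added example that is not part of the original message or of Samba's code: it evaluates the `[sales]` stanza above under the rules in the smb.conf manual (`@` tries NIS netgroup then unix group, `+` unix group only, `&` netgroup only, write list wins over read list, `+` on `force group` applies only to existing members). The users, group memberships and the empty netgroup table are constructed assumptions, and unix file mode bits are not modelled.

```python
# Constructed stand-ins for the group databases (not read from the system).
UNIX_GROUPS = {"sales": {"tpw"}, "purch": {"bob"}, "adm": {"root"}}
NETGROUPS = {}  # assumption: no NIS netgroups are defined
PRIMARY_GROUP = {"tpw": "tpw", "bob": "purch", "root": "root"}

# Access-related lines of the [sales] stanza quoted in the message.
SALES = """
read list = @purch, @shipping
write list = @adm, @mgt, @sales, @vag, +hap
force group = +sales
"""

# Prefix -> lookup order per the smb.conf manual; two-character prefixes first.
PREFIXES = [("+&", (UNIX_GROUPS, NETGROUPS)), ("&+", (NETGROUPS, UNIX_GROUPS)),
            ("@", (NETGROUPS, UNIX_GROUPS)), ("+", (UNIX_GROUPS,)),
            ("&", (NETGROUPS,))]

def parse_share(text):
    """Turn 'key = value' lines into a dict of share parameters."""
    pairs = (line.split("=", 1) for line in text.splitlines() if "=" in line)
    return {k.strip(): v.strip() for k, v in pairs}

def in_list(user, value):
    """True if user matches any entry (plain name or prefixed group)."""
    for entry in filter(None, (e.strip() for e in value.split(","))):
        for prefix, sources in PREFIXES:
            if entry.startswith(prefix):
                name = entry[len(prefix):]
                if any(user in src.get(name, ()) for src in sources):
                    return True
                break  # prefixed entry handled; do not treat it as a user name
        else:
            if entry == user:
                return True
    return False

def access(user, share):
    """Share-level access: write list beats read list beats 'read only'."""
    if in_list(user, share.get("write list", "")):
        return "rw"
    if in_list(user, share.get("read list", "")):
        return "ro"
    return "ro" if share.get("read only", "yes") == "yes" else "rw"

def forced_group(user, share):
    """Group used for file operations under the documented 'force group' rule."""
    fg = share.get("force group", "")
    if fg.startswith("+"):  # only applied to users already in the group
        return fg[1:] if user in UNIX_GROUPS.get(fg[1:], ()) else PRIMARY_GROUP[user]
    return fg or PRIMARY_GROUP[user]
```

With no netgroups defined, `@sales` and `+sales` resolve to the same unix group in this model, so swapping the prefix changes nothing at the share level.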
