[Samba] force group to Unix group in 3.0.25

Gerald (Jerry) Carter jerry at samba.org
Sat May 19 12:01:19 GMT 2007

Hash: SHA1

Christian Perrier wrote:

> Guys, I want to double check the patch to 3.0.24 
> (thanks, Jerry, for it) but I need a test case...
> Given that I have to coordinate that update
> with Debian's security team, I better have
> to be triple secured..:-)
> However, I still haven't understood what *exactly* 
> is the bug..:-)
> David, do you have a smb.conf excerpt which 
> I could use for testing this ?

Christian,  The issue that setting force group on a share
was causing all additional supplementary gids to be dropped
from the user's token.

So setup a share that has force group = foo and then
create a directory or file that the user should be able
to access based on supplementary groups other than

You can verify the fix by looking at the NT and UNIX user
token debug output in smbd's level 10 debug logs.

Sorry for all the hassle and the regression.  Jeremy
and I have both looked over the code and haven't seen
any other code paths than would be problematic so
I think this one patch is enough.

cheers, jerry

Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the samba mailing list