[Samba] Secondary groups and Posix ACL

Derek Harkness dharknes at umd.umich.edu
Mon Feb 11 16:46:44 GMT 2008


Okay I found the solution to this problem.  It appears you shouldn't  
run winbindd on a samba PDC.

Derek Harkness
Data Security Analyst Senior
University of Michigan-Dearborn
(313) 593-5089

On Jan 31, 2008, at 08:08 AM, Derek Harkness wrote:

> I've got a very odd situation occurring.  I recently upgraded to  
> Samba 2.0.26a and now secondary group membership doesn't work.
>
> On the filesystem I have this layout
>
> /derek
> /derek/Folder 1
> /derek/Folder 2
>
> derek has these ACLs
> # file: derek
> # owner: root
> # group: root
> user::rwx
> group::r-x
> other:r-x
>
> Folder 1 has these ACLs
> # file: Folder 1
> # owner: root
> # group: g1
> user::rwx
> group:rwx
> other: ---
> default:user::rwx
> default:group::rwx
> default:group:g1:rwx
> default:mask:rwx
> default:other:---
>
> Folder 2 has these ACLs
> # file: Folder 2
> # owner: root
> # group: g2
> user::rwx
> group:rwx
> other: ---
> default:user::rwx
> default:group::rwx
> default:group:g2:rwx
> default:mask:rwx
> default:other:---
>
> Here is the share block from the smb.conf
> [derek]
> 	comment = Posix ACL test
> 	path = /derek
> 	guest ok = no
> 	browseable = no
> 	writeable = yes
>
> Now my user testuser1's primary group is g1 and testuser1 is also a  
> member of g2.  From the shell testuser1 can access both directories  
> and all is good.  Through samba testuser1 get an access denied or  
> network path not found when accessing Folder 2.  If I add g1 to the  
> acl on Folder 2 then samba will let testuser1 in.  Am I missing  
> something?
>
> Derek
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba



More information about the samba mailing list