[Samba] Getting mad with group permissions

Giorgio Volpe giorgio at movi.fvg.it
Tue Apr 21 16:24:18 GMT 2009


samba at terpstra-world.org wrote:
> Giorgio Volpe wrote:
>   
>> I have a file server with two shares accessible to 2 different groups. After the last update (from debian 2:3.2.5-4 to 2:3.3.2-1) I can no longer access ONLY ONE of the two shares and I can't understand the reason!
>>     
> net groupmap add unixgroup='group_name' ntgroup='windows_group_name' type=d
>
>   
done
> Also, anywhere that 'valid groups' is specified, follow the convention of
> fully specifying the context of group security object like this:
>
> 	valid users = @"DOMAIN_NAME\group_name"
>   
done, but nothing changes! In no way can I understand why one share is ok and the other not!

>> from smb.conf:
>>
>> [documenti_movi]
>>        path = /home/documenti_movi
>>        valid users = @staffmovi
>>        read only = No
>>        create mask = 0770
>>        directory mask = 0770
>>        case sensitive = No
>>
>> [documenti_csv]
>>        path = /home/csv/documenti
>>        valid users = @csv
>>        read only = No
>>        create mask = 0770
>>        directory mask = 0770
>>        case sensitive = No
>>
>> From /etc/group
>>
>>
>> staffmovi:x:113:giorgio,boris,alberto,annamaria,simona.celotti,martina,franco,giovanna
>>
>>    csv:x:1005:giorgio,franco,simona.celotti
>>
>>
>> Executing 'id giorgio':
>>
>>    uid=1000(giorgio) gid=1000(giorgio) gruppi=24(cdrom),25(floppy),29(audio),44(video),46(plugdev),113(staffmovi),1005(csv),1000(giorgio)
>>
>>
>>
>> From samba log: trying access to 'documenti_movi' compared with access to 'documenti_csv' as user giorgio (from an XP client)
>>
>> [2009/04/20 11:06:59,  3] smbd/process.c:switch_message(1378)
>>  switch message SMBtconX (pid 27040) conn 0x0
>> [2009/04/20 11:06:59,  3] smbd/sec_ctx.c:set_sec_ctx(324)
>>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
>> [2009/04/20 11:06:59,  5] auth/token_util.c:debug_nt_user_token(522)
>>  NT user token: (NULL)
>> [2009/04/20 11:06:59,  5] auth/token_util.c:debug_unix_user_token(548)
>>  UNIX token of user 0
>>  Primary group is 0 and contains 0 supplementary groups
>> [2009/04/20 11:06:59,  5] smbd/uid.c:change_to_root_user(318)
>>  change_to_root_user: now uid=(0,0) gid=(0,0)
>> [2009/04/20 11:06:59,  4] smbd/reply.c:reply_tcon_and_X(715)
>>  Client requested device type [?????] for share [DOCUMENTI_MOVI]
>> [2009/04/20 11:06:59,  5] smbd/service.c:make_connection(1298)
>>  making a connection to 'normal' service documenti_movi
>> [2009/04/20 11:06:59,  3] lib/util_sid.c:string_to_sid(228)
>>  string_to_sid: Sid @staffmovi does not start with 'S-'.
>> [2009/04/20 11:06:59,  5] smbd/password.c:user_in_netgroup(425)
>>  Unable to get default yp domain, let's try without specifying it
>> [2009/04/20 11:06:59,  5] smbd/password.c:user_in_netgroup(429)
>>  looking for user giorgio of domain (ANY) in netgroup staffmovi
>> [2009/04/20 11:06:59,  5] smbd/password.c:user_in_netgroup(445)
>>  looking for user giorgio of domain (ANY) in netgroup staffmovi
>> [2009/04/20 11:06:59, 10] passdb/lookup_sid.c:lookup_name(69)
>>  lookup_name: MOVI\staffmovi => MOVI (domain), staffmovi (name)
>> [2009/04/20 11:06:59, 10] passdb/lookup_sid.c:lookup_name(70)
>>  lookup_name: flags = 0x077
>> [2009/04/20 11:06:59,  3] smbd/sec_ctx.c:push_sec_ctx(224)
>>  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
>> [2009/04/20 11:06:59,  3] smbd/uid.c:push_conn_ctx(388)
>>  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
>> [2009/04/20 11:06:59,  3] smbd/sec_ctx.c:set_sec_ctx(324)
>>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>> [2009/04/20 11:06:59,  5] auth/token_util.c:debug_nt_user_token(522)
>>  NT user token: (NULL)
>> [2009/04/20 11:06:59,  5] auth/token_util.c:debug_unix_user_token(548)
>>  UNIX token of user 0
>>  Primary group is 0 and contains 0 supplementary groups
>> [2009/04/20 11:06:59,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
>>  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
>> [2009/04/20 11:06:59, 10] passdb/lookup_sid.c:lookup_name(69)
>>  lookup_name: Unix Group\staffmovi => Unix Group (domain), staffmovi (name)
>> [2009/04/20 11:06:59, 10] passdb/lookup_sid.c:lookup_name(70)
>>  lookup_name: flags = 0x077
>> [2009/04/20 11:06:59, 10] smbd/share_access.c:user_ok_token(212)
>>  User giorgio not in 'valid users'
>> [2009/04/20 11:06:59,  2] smbd/service.c:create_connection_server_info(659)
>>  user 'giorgio' (from session setup) not permitted to access this share (documenti_movi)
>>
>> [2009/04/20 11:13:15,  3] smbd/process.c:switch_message(1378)
>>  switch message SMBtconX (pid 27200) conn 0x0
>> [2009/04/20 11:13:15,  3] smbd/sec_ctx.c:set_sec_ctx(324)
>>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
>> [2009/04/20 11:13:15,  5] auth/token_util.c:debug_nt_user_token(522)
>>  NT user token: (NULL)
>> [2009/04/20 11:13:15,  5] auth/token_util.c:debug_unix_user_token(548)
>>  UNIX token of user 0
>>  Primary group is 0 and contains 0 supplementary groups
>> [2009/04/20 11:13:15,  5] smbd/uid.c:change_to_root_user(318)
>>  change_to_root_user: now uid=(0,0) gid=(0,0)
>> [2009/04/20 11:13:15,  4] smbd/reply.c:reply_tcon_and_X(715)
>>  Client requested device type [?????] for share [DOCUMENTI_CSV]
>> [2009/04/20 11:13:15,  5] smbd/service.c:make_connection(1298)
>>  making a connection to 'normal' service documenti_csv
>> [2009/04/20 11:13:15,  3] lib/util_sid.c:string_to_sid(228)
>>  string_to_sid: Sid @csv does not start with 'S-'.
>> [2009/04/20 11:13:15,  5] smbd/password.c:user_in_netgroup(425)
>>  Unable to get default yp domain, let's try without specifying it
>> [2009/04/20 11:13:15,  5] smbd/password.c:user_in_netgroup(429)
>>  looking for user giorgio of domain (ANY) in netgroup csv
>> [2009/04/20 11:13:15,  5] smbd/password.c:user_in_netgroup(445)
>>  looking for user giorgio of domain (ANY) in netgroup csv
>> [2009/04/20 11:13:15, 10] passdb/lookup_sid.c:lookup_name(69)
>>  lookup_name: MOVI\csv => MOVI (domain), csv (name)
>> [2009/04/20 11:13:15, 10] passdb/lookup_sid.c:lookup_name(70)
>>  lookup_name: flags = 0x077
>> [2009/04/20 11:13:15,  3] smbd/sec_ctx.c:push_sec_ctx(224)
>>  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
>> [2009/04/20 11:13:15,  3] smbd/uid.c:push_conn_ctx(388)
>>  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
>> [2009/04/20 11:13:15,  3] smbd/sec_ctx.c:set_sec_ctx(324)
>>  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
>> [2009/04/20 11:13:15,  5] auth/token_util.c:debug_nt_user_token(522)
>>  NT user token: (NULL)
>> [2009/04/20 11:13:15,  5] auth/token_util.c:debug_unix_user_token(548)
>>  UNIX token of user 0
>>  Primary group is 0 and contains 0 supplementary groups
>> [2009/04/20 11:13:15,  3] smbd/sec_ctx.c:pop_sec_ctx(432)
>>  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
>> [2009/04/20 11:13:15, 10] passdb/lookup_sid.c:lookup_name(69)
>>  lookup_name: Unix Group\csv => Unix Group (domain), csv (name)
>> [2009/04/20 11:13:15, 10] passdb/lookup_sid.c:lookup_name(70)
>>  lookup_name: flags = 0x077
>> [2009/04/20 11:13:15, 10] smbd/share_access.c:user_ok_token(234)
>>  user_ok_token: share documenti_csv is ok for unix user giorgio
>   
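The two traces quoted in this message run through the same lookups and end in different `user_ok_token` verdicts. As an added example (not part of the original post, and not Samba code), this Python parser pulls the per-share verdict and the names smbd looked up out of a level-10 smbd log so the two tree connects can be compared side by side. The function name `share_verdicts` and the record keys are assumptions of this example; the sample is a trimmed excerpt of the log lines quoted above.

```python
import re

HEADER = re.compile(r"^\[[\d/]+ [\d:]+,\s*\d+\]\s*(\S+\(\d+\))")
QUOTE = re.compile(r"^(?:>\s?)+")
SERVICE = re.compile(r"making a connection to 'normal' service (\S+)")
LOOKUP = re.compile(r"lookup_name: (.+?) => ")
DENIED = re.compile(r"User (\S+) not in 'valid users'")
ALLOWED = re.compile(r"user_ok_token: share (\S+) is ok for unix user (\S+)")

def share_verdicts(log_text):
    """Return one record per tree connect: share, user, verdict, names looked up."""
    results, current, source = [], None, None
    for raw in log_text.splitlines():
        line = QUOTE.sub("", raw).strip()   # tolerate mail-quoted excerpts
        if h := HEADER.match(line):
            source = h.group(1)             # e.g. smbd/share_access.c:user_ok_token(212)
            continue
        if m := SERVICE.search(line):
            current = {"share": m.group(1), "user": None, "allowed": None,
                       "names_tried": [], "decided_at": None}
            results.append(current)
        elif current is None:
            continue                        # message seen before any tree connect
        elif m := LOOKUP.search(line):
            current["names_tried"].append(m.group(1))
        elif m := DENIED.search(line):
            current.update(user=m.group(1), allowed=False, decided_at=source)
        elif m := ALLOWED.search(line):
            current.update(user=m.group(2), allowed=True, decided_at=source)
    return results

# Sample input: trimmed excerpt of the log quoted in this message.
SAMPLE = r"""
[2009/04/20 11:06:59,  5] smbd/service.c:make_connection(1298)
 making a connection to 'normal' service documenti_movi
[2009/04/20 11:06:59, 10] passdb/lookup_sid.c:lookup_name(69)
 lookup_name: MOVI\staffmovi => MOVI (domain), staffmovi (name)
[2009/04/20 11:06:59, 10] passdb/lookup_sid.c:lookup_name(69)
 lookup_name: Unix Group\staffmovi => Unix Group (domain), staffmovi (name)
[2009/04/20 11:06:59, 10] smbd/share_access.c:user_ok_token(212)
 User giorgio not in 'valid users'
[2009/04/20 11:13:15,  5] smbd/service.c:make_connection(1298)
 making a connection to 'normal' service documenti_csv
[2009/04/20 11:13:15, 10] passdb/lookup_sid.c:lookup_name(69)
 lookup_name: MOVI\csv => MOVI (domain), csv (name)
[2009/04/20 11:13:15, 10] passdb/lookup_sid.c:lookup_name(69)
 lookup_name: Unix Group\csv => Unix Group (domain), csv (name)
[2009/04/20 11:13:15, 10] smbd/share_access.c:user_ok_token(234)
 user_ok_token: share documenti_csv is ok for unix user giorgio
"""
```

Calling `share_verdicts(SAMPLE)` yields one record per share, each with the verdict, the `file:function(line)` that logged it, and the group names that were resolved on the way there.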


