[Samba] access to files continues after removing user from group
Chad William Seys
cwseys at physics.wisc.edu
Wed May 11 01:38:22 UTC 2016
I've noticed that removing a user from a group in /etc/group does not
immediately prevent the user from accessing files / directories which the
still has access to.
For example, say user 'cwseyst2' only has access to 'plc' if it
is in group 'plc-staff'.
# getfacl plc
# file: plc
# owner: smbadmin
# group: smbadmin
If plc-group starts off without cwseyst2, then as expected cwseyst2 cannot
Then I add cwseyst2 to plc-staff by editing /etc/group and as expected access
The surprise comes in when I remove cwseyst2 from plc-staff by editing
/etc/group. cwseyst2 can continue accessing plc! It can create files!
cwseyst2 only loses access when smbd is restarted. (Or the smbd process
acting for cwseyst2 is killed and respawned.) It seems as though the smbd
process which is acting for cwseyst2 is running as root and can access the
files as root instead of cwseyst2.
The computer does not have nscd.
Does samba not drop privileges aggressively enough? Have I set up samba
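Added example, not part of the original post: the message reports that access persists until the smbd process serving the user is killed and respawned, so after a group removal an administrator can list the smbd processes that predate the last change to /etc/group. The function names and sample values are constructed, and treating process start time as a stand-in for session start is an assumption.

```python
import os

def stale_pids(procs, group_mtime):
    """procs: iterable of (pid, comm, start_epoch).
    Return smbd PIDs that started before the group file last changed."""
    return sorted(pid for pid, comm, start in procs
                  if comm == "smbd" and start < group_mtime)

def boot_time():
    """Boot time in epoch seconds, from the btime line of /proc/stat."""
    with open("/proc/stat") as f:
        for line in f:
            if line.startswith("btime "):
                return int(line.split()[1])
    raise RuntimeError("btime not found in /proc/stat")

def live_procs():
    """Yield (pid, comm, start_epoch) for each running process (Linux /proc)."""
    hz = os.sysconf("SC_CLK_TCK")
    boot = boot_time()
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            with open(f"/proc/{entry}/stat") as f:
                data = f.read()
        except OSError:
            continue  # process exited while we were scanning
        # comm sits in parentheses and may contain spaces or ')'
        comm = data[data.index("(") + 1:data.rindex(")")]
        fields = data[data.rindex(")") + 2:].split()
        start_ticks = int(fields[19])  # field 22 of /proc/<pid>/stat: starttime
        yield int(entry), comm, boot + start_ticks / hz

# Constructed sample: (pid, comm, start time in epoch seconds)
SAMPLE = [
    (2101, "smbd", 1462920000.0),  # started before the group edit
    (2190, "smbd", 1462931000.0),  # started after the group edit
    (2300, "sshd", 1462910000.0),  # not an smbd process
    (2050, "smbd", 1462900000.0),  # e.g. the long-running parent smbd
]
SAMPLE_GROUP_MTIME = 1462930000  # constructed mtime of /etc/group

if __name__ == "__main__":
    mtime = os.path.getmtime("/etc/group")
    for pid in stale_pids(live_procs(), mtime):
        print(f"smbd pid {pid} predates the last /etc/group change")
```

The parent smbd normally appears in the output as well, since it also started before the edit; match the remaining PIDs to users with smbstatus before ending a session.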