[Samba] access to files continues after removing user from group

Reindl Harald h.reindl at thelounge.net
Wed May 11 09:15:54 UTC 2016

Am 11.05.2016 um 03:38 schrieb Chad William Seys:
> cwseyst2 only looses access when smbd is restarted.  (Or the smbd process
> acting for cwseyst2 is killed and respawned.) It seems as though the smbd
> process which is acting for cwseyst2 is running as root and can access the
> files as root instead of cwseyst2.
> The computer does not have nscd.
> Does samba not drop privileges aggressively enough?

looks so because most of the time smbd processes are running as root and 
only when filetransfers are happening they switch to the connected user 
(while i have no idea how it is possible at all to become root again 
after priviliges where dropped)

none of these processes should run as root after the user authenticated

root      2122  0.0  0.2 436392 15224 ?        SN   06:15   0:00 
/usr/sbin/smbd -D
root      4897  0.0  0.0 426784  5056 ?        SNs  Mai03   0:03 
/usr/sbin/smbd -D
root      4898  0.0  0.0 422904  1792 ?        SN   Mai03   0:00 
/usr/sbin/smbd -D
root      4899  0.0  0.0 426848  3712 ?        SN   Mai03   0:01 
/usr/sbin/smbd -D

netatalk has the more sane behavior here - the spawned process of the 
user is *always* running as the user and never as root

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20160511/c0db2934/signature.sig>

More information about the samba mailing list