[Samba] access to files continues after removing user from group

Jeremy Allison jra at samba.org
Wed May 11 15:05:37 UTC 2016

On Wed, May 11, 2016 at 09:54:39AM -0500, Chad William Seys wrote:
> Hi Jeremy,
> > Logged in tokens with group lists don't dynamically
> > change to reflect changes in the group database.
> > The token (user id and group list) is created
> > at login time, and will remain the same whilst
> > that user is connected.
> Thanks for the explanation.
> It seems like the token should be used to determine "who" the process is, 
> while their username and groups they belong to compared against the filesystem 
> ACL "what" they can access.
> Shouldn't Samba be checking the filesystem ACL and the user/group membership 
> every time a file/dir is accessed?  The kernel should do this for Samba if 
> Samba always dropped privileges to access files, right?
> Seems like a security bug waiting to happen not to do this.

The kernel checks the token attached to the process
at the time the process accesses the filesystem/resource.

This is how OSes work. It's how they *all* work.

What you're complaining about is that changes to
the database that is used to create the process
token don't dynamically update running processes.

That's just not the way running processes work,
I'm afraid.
