[Samba] access to files continues after removing user from group

Chad William Seys cwseys at physics.wisc.edu
Wed May 11 16:17:40 UTC 2016


Hi Jeremy,

> Because that's just the way the process model works.

So security nuts didn't get involved early enough?  Or maybe there is 
some performance problem of checking on each access (at least back when 
model developed).

Or maybe the process model is more like gravity?  That is how it is, but 
no-one knows why.  ;)

> Adding a user to a group won't change the token on existing
> proceses. If a user attaches to Samba after that user is
> added to the group will create a new token attached to
> the new smbd process. It won't change any existing smbd
> process.

Ah!  You're right.  Somehow I didn't notice the PID changing.

Thanks for your help!
Chad.



More information about the samba mailing list