[Samba] Reloading smbd session process group membership cache
Eugene Pankov
e at ajenti.org
Tue Feb 19 17:13:09 UTC 2019
So the problem is that smbd session processes will forever cache the POSIX
group memberships that the logged in user possesses. Consider a following
example:
*smb.conf: *
[share_a]
path = /mnt/a
valid users = dude
*ls -l /mnt:*
drwxrwxr-x root group_a a
*/etc/group:*
group_a:*:2000:user
Now, a client mounts *share_a* as *dude* and has R/W access to it via his
*group_a* group membership.
Then, without unmounting the share, we add another share and HUP smbd.
*smb.conf: *
[share_a]
path = /mnt/share_a
valid users = dude
[share_b]
path = /mnt/share_b
valid users = dude
*ls -l /mnt:*
drwxrwxr-x root group_a share_a
drwxrwxr-x root group_b share_b
*/etc/group:*
group_a:*:2000:user
group_b:*:2000:user
Now, the same client is able to mount the new share, but can't write to it
since to its cached knowledge, *dude* is not a member of *group_b* since he
wasn't one at the time of connection.
What I'm looking for is a way to tell smbd to flush membership cache
without resorting to killing it.
More information about the samba
mailing list