[Samba] Reloading smbd session process group membership cache
Jeremy Allison
jra at samba.org
Fri Feb 22 16:58:24 UTC 2019
On Tue, Feb 19, 2019 at 06:13:09PM +0100, Eugene Pankov via samba wrote:
> So the problem is that smbd session processes will forever cache the POSIX
> group memberships that the logged-in user possesses. Consider the following
> example:
>
> *smb.conf: *
> [share_a]
> path = /mnt/a
> valid users = dude
>
> *ls -l /mnt:*
> drwxrwxr-x root group_a a
>
> */etc/group:*
> group_a:*:2000:user
>
> Now, a client mounts *share_a* as *dude* and has R/W access to it via his
> *group_a* group membership.
> Then, without unmounting the share, we add another share and HUP smbd.
>
> *smb.conf: *
> [share_a]
> path = /mnt/share_a
> valid users = dude
>
> [share_b]
> path = /mnt/share_b
> valid users = dude
>
> *ls -l /mnt:*
> drwxrwxr-x root group_a share_a
> drwxrwxr-x root group_b share_b
>
> */etc/group:*
> group_a:*:2000:user
> group_b:*:2000:user
>
> Now, the same client is able to mount the new share, but can't write to it
> since to its cached knowledge, *dude* is not a member of *group_b* since he
> wasn't one at the time of connection.
>
> What I'm looking for is a way to tell smbd to flush membership cache
> without resorting to killing it.
You have to terminate the connection from that client
and have it reconnect.
We don't have a way of dynamically changing credentials
on existing connections.
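
Added example, not part of the original message and not Samba code: a small model of why a group snapshot taken at connect time drifts from the group database, covering both a group added later (the case in this thread) and a group removed later. The group file contents and gids are constructed sample data; `process_drift()` applies the same comparison to the running process, whose kernel credentials are likewise fixed at login.

```python
import os
import pwd

def parse_group_db(text):
    """Parse group(5) lines 'name:passwd:gid:members' into {name: (gid, members)}."""
    db = {}
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) != 4:          # skip blanks, comments, malformed lines
            continue
        name, _pw, gid, members = parts
        db[name] = (int(gid), {m for m in members.split(",") if m})
    return db

def groups_of(db, user):
    """Names of the supplementary groups that list `user` as a member."""
    return {name for name, (_gid, members) in db.items() if user in members}

def drift(session_groups, current_groups):
    """Compare a connect-time snapshot with what the database says now."""
    return {
        "missing_in_session": sorted(current_groups - session_groups),
        "revoked_but_held": sorted(session_groups - current_groups),
    }

def process_drift():
    """Same check for this process: held credentials vs. a fresh lookup."""
    try:
        pw = pwd.getpwuid(os.getuid())
    except KeyError:                 # uid with no passwd entry (some containers)
        return None
    held = set(os.getgroups()) | {os.getegid()}
    fresh = set(os.getgrouplist(pw.pw_name, pw.pw_gid))
    return drift(held, fresh)

# Constructed sample data modelled on the scenario in the thread.
AT_CONNECT = "group_a:*:2000:dude\n"
AFTER_HUP = "group_a:*:2000:dude\ngroup_b:*:2001:dude\n"

if __name__ == "__main__":
    snapshot = groups_of(parse_group_db(AT_CONNECT), "dude")   # taken at session setup
    now = groups_of(parse_group_db(AFTER_HUP), "dude")         # database after the change
    print("session vs database:", drift(snapshot, now))
    print("this process:", process_drift())
```

A non-empty `revoked_but_held` is the case to watch for when auditing: removing a user from a group does not affect sessions that connected before the change.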