[Samba] unix_primary_group not used when writing files

L. van Belle belle at samba.org
Wed Aug 17 12:53:42 UTC 2022 

What do you see if you run : id username 
And run : getfacl on the folder/files to see more.. 

Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba <samba-bounces at lists.samba.org> Namens Matthew
> Richardson via samba
> Verzonden: woensdag 17 augustus 2022 13:32
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] unix_primary_group not used when writing files
> 
> I have a samba server (v4.13.17 - Ubuntu 20.04) set up joined to an AD
> domain, with the following idmap config:
> 
> [global]
>   workgroup = MYDOM
>   realm = MYDOM.EXAMPLE.COM
>   security = ads
>   idmap config * : backend = tdb
>   idmap config * : range = 3000 - 9999
>   idmap config MYDOM : backend = ad
>   idmap config MYDOM : schema_mode = rfc2307
>   idmap config MYDOM : range = 10000 - 9999999
>   idmap config MYDOM : unix_primary_group = yes
>   idmap config MYDOM : unix_nss_info = yes
>   winbind use default domain = yes
> 
> All users in the domain have the unix attributes set (gidNumber, loginShell
> etc). There is also a group with the same gid as the user's gidNumber, and
> that user is a member of that group.
> 
> This shows up fine using the nss commands, e.g.:
> 
> $ getent passwd alice
> 
> alice:*:12345:12345:Alice Smith:/home/alice:/bin/bash
> 
> $ getent group alice
> 
> alice:x:12345:
> 
> $ groups alice
> 
> alice : alice domain users
> 
> 
> However if I connect using smbclient and write files, they are always group
> owned by 'domain users':
> 
> $ smbclient -k -L //server.example.com/alice
> > put test.txt
> 
> $ ls -l /home/alice
> 
> -rwxrwxr-x+ 1 alice domain users 38 Aug 16 20:29 test.txt
> 
> Samba logging (debug level 4) during this file write correctly identifies the
> primary group:
> 
> UNIX token of user 12345
>   Primary group is 12345 and contains 164 supplementary groups
> 
> However it then uses domain users when writing (gid 273711):
> 
> [2022/08/16 19:12:02.052968,  2] ../../source3/smbd/open.c:1524(open_file)
>   MYDOM\alice opened file test.txt read=Yes write=Yes (numopen=1)
> [2022/08/16 19:12:02.060177,  3]
> ../../source3/smbd/posix_acls.c:1205(unpack_nt_owners)
>   unpack_nt_owners: owner sid mapped to uid 12345
> [2022/08/16 19:12:02.060584,  3]
> ../../source3/smbd/posix_acls.c:1226(unpack_nt_owners)
>   unpack_nt_owners: group sid mapped to gid 273711
> [2022/08/16 19:12:02.060994,  3]
> ../../source3/smbd/posix_acls.c:3760(set_nt_acl)
>   set_nt_acl: chown test.txt. uid = 12345, gid = 273711.
> 
> 
> Can anyone suggest what might be going on here?
> 
> Thanks,
> 
> Matthew
> 
> 
> The University of Edinburgh is a charitable body, registered in Scotland, with
> registration number SC005336. Is e buidheann carthannais a th’ ann an
> Oilthigh Dhùn Èideann, clàraichte an Alba, àireamh clàraidh SC005336.
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list