samba - Apr 2007 - Changing group owner to a group user is not member of

Hi,

I'm using latest samba 3.0.24 on a debian etch box (ext3, acl) in ADS  
mode joined to a W2003 domain.

Everything works fine except when I want to change the group of a  
file to something the user is not member of.

Even if I run the commands as Administrator I can't seem to change to  
groups expect to those that the Administrator is member of.
This is really annoying as its very inconvenient to have a user  
member of all groups...

Is there some way to change this behavior?

Regards,
Henrik

On Mon, 30 Apr 2007, Henrik Zagerholm wrote:
> Hi,
>
> I'm using latest samba 3.0.24 on a debian etch box (ext3, acl) in ADS
mode
> joined to a W2003 domain.
>
> Everything works fine except when I want to change the group of a file to 
> something the user is not member of.
>
> Even if I run the commands as Administrator I can't seem to change to
groups
> expect to those that the Administrator is member of.
> This is really annoying as its very inconvenient to have a user member of
all
> groups...
>
> Is there some way to change this behavior?
I'm guessing you don't have Administrator mapped to root in unix?

I recently stumbled across the issue you describe in another context, and 
found this note in the Solaris manpage for chgrp:

      The   operating   system   has   a   configuration    option
      _POSIX_CHOWN_RESTRICTED, to restrict ownership changes. When
      this option is in effect, the owner of the file  may  change
      the  group  of  the  file only to a group to which the owner
      belongs. Only the super-user can  arbitrarily  change  owner
      IDs,  whether  or  not this option is in effect.

(the option is enabled by default in Solaris).

The linux manpage doesn't list this restriction, but it definitely is in 
effect there too.

This seems to be a POSIX restriction, unrelated to Samba.  There is a way 
to disable it in Solaris, but I don't know of a way to disable it in 
linux.

 	Andy