George Rhoten
2010-Aug-26 23:57 UTC
[Samba] Samba permission changes are not applied to active connections
Hello,

I'm using Samba 3.4.2 with CTDB. If I remove a user from the valid users list with "net conf setparm Share 'valid users' ..." on the server, and I connect a new Windows client to the Samba server on Linux, I get a permission denied for that user, which is correct behavior.

However, there is a problem for active connections. If I revoke access for a user with a live connection to a share, the user can continue to modify files. Between a Windows server and client this type of change is instantaneous. So I'm seeing different behavior between Samba/Windows and Windows/Windows configurations.

The only alternative I've found is to kill the smbd process of any user currently logged on, but I'm not sure which share they're connected to. So maybe I shouldn't be doing that.

Is there a reliable way to get Samba to pay attention to any permission changes on live connections?

Sincerely,
George
Volker Lendecke
2010-Aug-27 06:12 UTC
[Samba] Samba permission changes are not applied to active connections
On Thu, Aug 26, 2010 at 04:57:19PM -0700, George Rhoten wrote:
> I'm using Samba 3.4.2 with CTDB. If I remove a user from the valid users
> list with "net conf setparm Share 'valid users' ..." on the server, and I
> connect a new Windows client to the Samba server on Linux, I get a
> permission denied for that user, which is correct behavior.
>
> However, there is a problem for active connections. If I revoke access for a
> user with a live connection to a share, the user can continue to modify
> files. Between a Windows server and client this type of change is
> instantaneous. So I'm seeing different behavior between Samba/Windows
> and Windows/Windows configurations.
>
> The only alternative I've found is to kill the smbd process of any user
> currently logged on, but I'm not sure which share they're connected to. So
> maybe I shouldn't be doing that.
>
> Is there a reliable way to get Samba to pay attention to any permission
> changes on live connections?

Not at this moment, sorry. There have been attempts by Bo Yang in the past to implement this, but they have dried out. The problem is that we have not figured out the correct semantics yet: What exactly happens with files that are currently open in RW mode? Will writing immediately stop?

Volker
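
The following is an added example, not part of the original thread or of Samba itself. It addresses the question of which smbd process serves which share: it joins `smbstatus -p` (pid to user) with `smbstatus -S` (share to pid) and builds `smbcontrol <pid> close-share <share>` commands, which close only the named share, so the next connection attempt is checked against the updated `valid users`. Assumptions: the text layout of the sample output (constructed here, modelled on Samba 3.x), and that clustered builds may print the pid as `vnn:pid`, which the code keeps as an opaque string.

```python
import re

# Constructed sample output, modelled on the Samba 3.x `smbstatus -p` and
# `smbstatus -S` layout (an assumption; compare with your own version).
SMBSTATUS_P = """\
PID     Username      Group         Machine
-------------------------------------------------------------------
4101    george        users         win7-a       (192.0.2.10)
4188    alice         users         win7-b       (192.0.2.11)
4230    george        users         win7-c       (192.0.2.12)
"""
SMBSTATUS_S = """\
Service      pid     machine       Connected at
-------------------------------------------------------
Share        4101    win7-a        Thu Aug 26 16:40:01 2010
Other        4101    win7-a        Thu Aug 26 16:41:13 2010
Share        4188    win7-b        Thu Aug 26 16:42:55 2010
IPC$         4230    win7-c        Thu Aug 26 16:45:02 2010
"""

PID = r"\d+(?::\d+)?"  # plain pid, or vnn:pid as a clustered build may print

def _rows(text):
    """Yield the non-empty data lines that follow the dashed separator."""
    seen_rule = False
    for line in text.splitlines():
        if set(line.strip()) == {"-"}:
            seen_rule = True
        elif seen_rule and line.strip():
            yield line

def users_by_pid(p_text):
    """Map smbd pid -> username from `smbstatus -p` output."""
    matches = (re.match(rf"\s*({PID})\s+(\S+)\s", ln) for ln in _rows(p_text))
    return {m.group(1): m.group(2) for m in matches if m}

def share_connections(s_text):
    """List (share, pid) pairs from `smbstatus -S` output."""
    # Limitation: a share name containing a space-delimited number is misparsed.
    matches = (re.match(rf"\s*(.+?)\s+({PID})\s+\S+", ln) for ln in _rows(s_text))
    return [(m.group(1), m.group(2)) for m in matches if m]

def close_share_commands(user, share, p_text, s_text):
    """argv lists that disconnect `user` from `share` and from nothing else."""
    owners = users_by_pid(p_text)
    return [["smbcontrol", pid, "close-share", svc]
            for svc, pid in share_connections(s_text)
            if svc.casefold() == share.casefold() and owners.get(pid) == user]
```

Run the commands only after the `valid users` change is in place, otherwise the client simply reconnects with its old access.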