samba - Feb 2003 - user in two groups - acl problem

This is a situation.

I have samba, winbind, w2k domain. Everything works fine BUT

User "test" is member of group "ALL" and group
"MARKETING"
Group ALL have all permission on folder COMPANY, and  group MARKETING
doesn't have any access (deny) .

User test still can access folder COMPANY.

If I explicitly deny user test to access that folder then it's OK.

Why?
Is it possible to deny access to folder COMPANY to group MARKETING by using
groups.


Thanks

Jurica Motusic

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 11 Feb 2003 Jurica.Motusic@megatrend.com wrote:
> I have samba, winbind, w2k domain. Everything works fine BUT
> 
> User "test" is member of group "ALL" and group
"MARKETING"
> Group ALL have all permission on folder COMPANY, and  group MARKETING
> doesn't have any access (deny) .
> 
> User test still can access folder COMPANY.
> 
> If I explicitly deny user test to access that folder then it's OK.
> 
> Why? Is it possible to deny access to folder COMPANY to group MARKETING
> by using groups.

under the posix acl model, the user gets the sum of the group permissions.
an explicitly named user entry takes preference though so if you 
exlicitly assign the user --- permissions, then he/she will get just that.




cheers, jerry
 ----------------------------------------------------------------------
 Hewlett-Packard            ------------------------- http://www.hp.com
 SAMBA Team                 ---------------------- http://www.samba.org
 GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
 "You can never go home again, Oatman, but I guess you can shop
there."
                            --John Cusack - "Grosse Point Blank"
(1997)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQE+S9omIR7qMdg1EfYRAvx6AKCSBfey2tKJQNkf4BuMDle2GjxhhwCfXNVp
8SD0rwlGUAswWcWOpynUJ0o=iRqn
-----END PGP SIGNATURE-----