Sam Aylestock
2004-Apr-07 21:02 UTC
[Samba] ACL group permissions only work on primary group
I just join this list. Did anyone give a reply to this question? I have been struggling with this same problem. Sam Aylestock Sr. Network Administrator TREEV(r) Proven Solutions . Real Results .(tm) Tel: 703-904-3139 http://www.treev.com/
Radio Gong 2000 GmbH & Co. KG [Technik]
2004-Apr-07 21:09 UTC
AW: [Samba] ACL group permissions only work on primary group
Can u please describe ur problem a bit more? Regards Sascha -----Ursprungliche Nachricht----- Von: samba-bounces+sascha.bieler=radiogong.de@lists.samba.org [mailto:samba-bounces+sascha.bieler=radiogong.de@lists.samba.org]Im Auftrag von Sam Aylestock Gesendet: Mittwoch, 7. April 2004 23:02 An: samba@lists.samba.org Betreff: [Samba] ACL group permissions only work on primary group I just join this list. Did anyone give a reply to this question? I have been struggling with this same problem. Sam Aylestock Sr. Network Administrator TREEV(r) Proven Solutions . Real Results .(tm) Tel: 703-904-3139 http://www.treev.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Sam Aylestock
2004-Apr-07 21:14 UTC
[Samba] ACL group permissions only work on primary group
My apologies....this is the info from the original post and I am having the exact problem. The only difference is I am using the current version of SAMBA(3.02)and Fedora Core 1. The original is as follows... Intro: There have been a few postings on this subject with few answers. If anyone knows where to point those of us trying to work this out, or will enlighten us as to the limitations of ACL's and Samba, we would appreciate your help. So far, acl.bestbits.at does not have any information on this particular problem. Environment: Samba 3.0 alpha 21 or 23 (I skipped 22, but most likely it had the same problem) Red Hat 8.0 Kernel 2.4.20 w/ acl patches from acl.bestbits.at Ext3 filesystem mounted w/ acl option Problem: Samba is successfully authenticating users via a W2K domain using ADS. Logins and passwords work great, individual file access permissions work fine. The problem is when setting group file or directory access permissions, Samba/Linux only recognizes a user's "primary group". This means if a user is a member of more than one group (by default, everyone is a member of Domain Users which is also their primary group) only their primary group is looked at for file/directory access permissions on the Samba server. This causes two problems: 1) I have to manually go through every user (250+) a set their default group to something other than Domain Users (unless, of course, that's adequate for my needs). This is time consuming, but I can live with it. 2) The bigger problem is that a person can only receive access to files/directories based on membership in only one group. For example, John is a member of coders and a member of management with coders being his primary group. Without assigning individual rights, John will only be able to access the coders directory and will not have access to the management directory even though the management group has full access to it. Yes, it would be easy to just assign John individual rights to the management directory, but this becomes an exponential headache when you multiply this scenario out across a large company of similar situations. Sam Aylestock Sr. Network Administrator TREEV Proven Solutions . Real Results .(tm) Tel: 703-904-3139 http://www.treev.com/ -----Original Message----- From: Radio Gong 2000 GmbH & Co. KG [Technik] [mailto:sascha.bieler@radiogong.de] Sent: Wednesday, April 07, 2004 5:09 PM To: Sam Aylestock; samba@lists.samba.org Subject: AW: [Samba] ACL group permissions only work on primary group Can u please describe ur problem a bit more? Regards Sascha -----Ursprungliche Nachricht----- Von: samba-bounces+sascha.bieler=radiogong.de@lists.samba.org [mailto:samba-bounces+sascha.bieler=radiogong.de@lists.samba.org]Im Auftrag von Sam Aylestock Gesendet: Mittwoch, 7. April 2004 23:02 An: samba@lists.samba.org Betreff: [Samba] ACL group permissions only work on primary group I just join this list. Did anyone give a reply to this question? I have been struggling with this same problem. Sam Aylestock Sr. Network Administrator TREEV(r) Proven Solutions . Real Results .(tm) Tel: 703-904-3139 http://www.treev.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Sam Aylestock
2004-Apr-08 14:06 UTC
[Samba] ACL group permissions only work on primary group
I am currently using Samba 3.0.2 with Fedora Core 1. I have also duplicated the problem on a test environment. Sam -----Original Message----- From: Radio Gong 2000 GmbH & Co. KG [Technik] [mailto:sascha.bieler@radiogong.de] Sent: Thursday, April 08, 2004 2:08 AM To: samba@lists.samba.org Cc: Sam Aylestock Subject: Re: [Samba] ACL group permissions only work on primary group Maybe I am wrong now, but as far as I now there have been several bugfixes according ADS, ldap and kerberos. Anyway an alpha-version is not for a production environment, so update to the latest version of samba! Best greetz Sascha Am Mittwoch, 7. April 2004 23:14 schrieb Sam Aylestock:> My apologies....this is the info from the original post and I am > having the exact problem. The only difference is I am using the > current version of SAMBA(3.02)and Fedora Core 1. The original is asfollows...> > Intro: > There have been a few postings on this subject with few answers. If > anyone knows where to point those of us trying to work this out, or > will enlighten us as to the limitations of ACL's and Samba, we would > appreciate your help. So far, acl.bestbits.at does not have any > information on this particular problem. > > Environment: > Samba 3.0 alpha 21 or 23 (I skipped 22, but most likely it had the > same > problem) > Red Hat 8.0 > Kernel 2.4.20 w/ acl patches from acl.bestbits.at > Ext3 filesystem mounted w/ acl option > > Problem: > Samba is successfully authenticating users via a W2K domain using ADS. > Logins and passwords work great, individual file access permissions > work fine. The problem is when setting group file or directory access> permissions, Samba/Linux only recognizes a user's "primary group". > This means if a user is a member of more than one group (by default, > everyone is a member of Domain Users which is also their primary > group) only their primary group is looked at for file/directory access> permissions on the Samba server. > > This causes two problems: > > 1) I have to manually go through every user (250+) a set their default> group to something other than Domain Users (unless, of course, that's > adequate for my needs). This is time consuming, but I can live withit.> > 2) The bigger problem is that a person can only receive access to > files/directories based on membership in only one group. For example,> John is a member of coders and a member of management with coders > being his primary group. Without assigning individual rights, John > will only be able to access the coders directory and will not have > access to the management directory even though the management group > has full access to it. Yes, it would be easy to just assign John > individual rights to the management directory, but this becomes an > exponential headache when you multiply this scenario out across alarge company of similar situations.> > > > Sam Aylestock > Sr. Network Administrator > TREEV > Proven Solutions . Real Results .(tm) > Tel: 703-904-3139 > http://www.treev.com/ > > > -----Original Message----- > From: Radio Gong 2000 GmbH & Co. KG [Technik] > [mailto:sascha.bieler@radiogong.de] > Sent: Wednesday, April 07, 2004 5:09 PM > To: Sam Aylestock; samba@lists.samba.org > Subject: AW: [Samba] ACL group permissions only work on primary group > > Can u please describe ur problem a bit more? > > Regards > > Sascha > > -----Ursprungliche Nachricht----- > Von: samba-bounces+sascha.bieler=radiogong.de@lists.samba.org > [mailto:samba-bounces+sascha.bieler=radiogong.de@lists.samba.org]Im > Auftrag von Sam Aylestock > Gesendet: Mittwoch, 7. April 2004 23:02 > An: samba@lists.samba.org > Betreff: [Samba] ACL group permissions only work on primary group > > > I just join this list. Did anyone give a reply to this question? I > have been struggling with this same problem. > > Sam Aylestock > Sr. Network Administrator > TREEV(r) > Proven Solutions . Real Results .(tm) > Tel: 703-904-3139 > http://www.treev.com/ > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba