samba - Nov 2005 - Using group membership to access a symlink directory

I am having a problem getting Samba to use the linux group membership 
when following a symlink.

On the Linux side, I have a soft link from the user's home directory to 
the shared directory.
  ln -s /home/shared/testgroup testshare

In the smb.conf I have:
[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   valid users = %S
   force create mode = 0660
   delete readonly = yes
   map archive = no
   case sensitive = yes
   follow symlinks = yes

[testshared]
    comment = Test Shared
    browsable = no
    path = /home/shared/testgroup
    valid users = @test
    writable = yes
    force create mode = 0660
    force directory mode = 0771
    force group = test


IF the user maps to the "testshared" share, it works perfectly (ie.
uses
the group membership to give access).  However, if they try to browse to
the testgroup "directory", it does not grant them access.

It shouldn't matter, but I have even changed the symlink 'file' to
have
the user be the owner.  Still no dice.

--

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Chris Barnes                              AOL IM: CNBarnes
chris@txbarnes.com                      Yahoo IM: chrisnbarnes

You always have freedom of choice, but you never have freedom of
consequence.

--

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Chris Barnes                           AOL IM: CNBarnes
chris-barnes@tamu.edu                Yahoo IM: chrisnbarnes

On Thursday 10 November 2005 15:56, Chris Barnes wrote:
> I am having a problem getting Samba to use the linux group membership
> when following a symlink.
>
> On the Linux side, I have a soft link from the user's home directory to
> the shared directory.
>   ln -s /home/shared/testgroup testshare
>
> In the smb.conf I have:
> [homes]
>    comment = Home Directories
>    browseable = no
>    writable = yes
>    valid users = %S
>    force create mode = 0660
>    delete readonly = yes
>    map archive = no
>    case sensitive = yes
>    follow symlinks = yes
>
> [testshared]
>     comment = Test Shared
>     browsable = no
>     path = /home/shared/testgroup
>     valid users = @test
>     writable = yes
>     force create mode = 0660
>     force directory mode = 0771
>     force group = test
>
>
> IF the user maps to the "testshared" share, it works perfectly
(ie. uses
> the group membership to give access).  However, if they try to browse to
> the testgroup "directory", it does not grant them access.
>
> It shouldn't matter, but I have even changed the symlink 'file'
to have
> the user be the owner.  Still no dice.
Check the man page for the "wide links" parameter.

- John T.

John H Terpstra <jht@samba.org> wrote:
> Check the man page for the "wide links" parameter.
After checking several references, it appears the "wide links" setting
by default is "yes".  Since I do not have it specified explicitly in
my
smb.conf file, it should be using the default setting.

Next thing I should look for?


--

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Chris Barnes                           AOL IM: CNBarnes
chris-barnes@tamu.edu                Yahoo IM: chrisnbarnes

On Thu, 2005-11-10 at 16:56 -0600, Chris Barnes wrote:
> I am having a problem getting Samba to use the linux group membership 
> when following a symlink.
> 
> On the Linux side, I have a soft link from the user's home directory to
> the shared directory.
>   ln -s /home/shared/testgroup testshare
> 
> IF the user maps to the "testshared" share, it works perfectly
(ie. uses
> the group membership to give access).  However, if they try to browse to
> the testgroup "directory", it does not grant them access.
> 
> It shouldn't matter, but I have even changed the symlink 'file'
to have
> the user be the owner.  Still no dice.
Can you access this on linux as the user?  ie, if you remove samba from
the equation, does it work?


Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20051115/d5acfb44/attachment.bin

> Can you access this on linux as the user?  ie, if you remove samba 
> from
> the equation, does it work?
Yes.

[cbarnes@titan cbarnes]$ id
uid=834(cbarnes) gid=503(staff) groups=503(staff),509(website)

[cbarnes@titan cbarnes]$ ls -alF www
lrwxrwxrwx  1 cbarnes website 37 Nov  9 11:33 www -> 
/home/websites/www2.physics.tamu.edu/

[cbarnes@titan cbarnes]$ cd www
[cbarnes@titan www]$ ls -dalF .  drwxrwsr-x  24 root website 4096 Nov 15
[cbarnes@titan www]$ touch hi
[cbarnes@titan www]$ ls -alF hi
-rw-r--r--  1 cbarnes website 0 Nov 15 09:07 hi

-- 

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Chris Barnes                           AOL IM: CNBarnes
chris-barnes@tamu.edu                Yahoo IM: chrisnbarnes