On 12/03/07, Peter <pwg@gmx.at> wrote:> Hi,
>
> my Problem:
>
> I tried to limit the disk usage for certain samba users by means of
> group quotas. But when looking at the disk free space from the client
> the quota is not honoured. So I wrote a little script trying to find
> out the quota left using the "dfree command" setting. So far
> everything is fine, but now, as soon as the script is called (I
> placed some debug output there) the groups, the user signing on via
> samba is member of, are not recognised. Calling "id" for this
> purpose, I got for my user a:
>
> uid=1001(a) gid=1099(dummy) groups=1099(dummy)
>
> but called from the commend line (after su s2) I got:
>
> uid=1001(a) gid=1099(dummy) groups=1099(dummy), 1098(tmp), 1002(x),
> 1001(y)
>
> So my questions are:
> How are those groups are resolved in Mac OS X?
The standard unix group APIs call into libc, which eventually ends up
in Directory Services and memberd. There are at least 2 layers of
caching involved, so it is probably possible to see stale group
membership information if you are unlucky.
id(1) will only ever show you up to 15 supplementary groups. Also, Mac
OS X supports nested groups, which can be surprising sometimes.
You can check group memberships with dseditgroup(8):
http://developer.apple.com/documentation/Darwin/Reference/ManPages/man8/dseditgroup.8.html
> Which mechanism is
> used by samba (the default installation provided by apple) to resolve
> this???
IIRC, Samba uses getgroups/setgroups on 10.4.
--
James Peach | jorgar@gmail.com