Raymond Holguin
2008-Mar-31 14:53 UTC
[Samba] Users groups are not synchronized with Samba
Currently I am using Samba with ACL control. My problem is that if I add or remove users from a group, those changes are not reflected for Samba access until I restart the Samba server.

Example of what I mean: GroupA and GroupB. USER is part of no group.

Unix: I give GroupA full access to FOLDER
Windows: as USER I try and access FOLDER I get permission denied.
Unix: I add USER to GroupA
Windows: as USER I try and access FOLDER I get permission denied!!!!!
Unix: I restart Samba server
Windows: as USER I try and access FOLDER I get full access.

This is definitely not going to work for me. I created a web application that gives me full control over Samba and Unix users so I can manage user/group permissions for all files and directories in my fileserver. If I have to restart the Samba server every time I change somebody's group, this is going to be chaos where I work. Adding users to files/folders works fine; it's just when I add users to groups that Samba doesn't recognize that user's new group until I restart.

Anyone have any idea how I can solve this issue? Is this a Samba parameter that I need to make sure Samba knows when users move around to different groups?

Thanks
-Ray

--
Raymond Holguin
Programmer Analyst
College of Humanities, Arts, and Social Sciences
Tel: (951) 827-6212
Email: rholguin@ucr.edu
On 3/7/2008, Raymond Holguin (raymond.holguin@ucr.edu) wrote:

> Unix: I add USER to GroupA
> Windows: as USER I try and access FOLDER I get permission denied!!!!!
> Unix: I restart Samba server
> Windows: as USER I try and access FOLDER I get full access.

Did the User log out then back in?

Even in the Windows world, this is how it works. The User's Permissions are applied at Logon time, so any change in Group Membership will not show up unless/until the User logs out and back in.

This may have changed with Server 2008, but I can't say because I haven't had time to test it...

--
Best regards,
Charles