[Pkg-samba-maint] Bug#424629: [Samba] force group to Unix group in 3.0.25
Gerald (Jerry) Carter
jerry at samba.org
Sat May 19 12:01:19 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Christian Perrier wrote:
> Guys, I want to double check the patch to 3.0.24
> (thanks, Jerry, for it) but I need a test case...
> Given that I have to coordinate that update
> with Debian's security team, I better have
> to be triple secured..:-)
>
> However, I still haven't understood what *exactly*
> is the bug..:-)
>
> David, do you have a smb.conf excerpt which
> I could use for testing this ?
Christian, The issue that setting force group on a share
was causing all additional supplementary gids to be dropped
from the user's token.
So setup a share that has force group = foo and then
create a directory or file that the user should be able
to access based on supplementary groups other than
"foo".
You can verify the fix by looking at the NT and UNIX user
token debug output in smbd's level 10 debug logs.
Sorry for all the hassle and the regression. Jeremy
and I have both looked over the code and haven't seen
any other code paths than would be problematic so
I think this one patch is enough.
cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGTucPIR7qMdg1EfYRAlWVAKDRiZSq/FfghaiUWznGJOpOVEZ2GQCgs4Hg
sezgqgVmbsq2HnODTW9sNCE=
=ybgQ
-----END PGP SIGNATURE-----
More information about the Pkg-samba-maint
mailing list