Bug 475959 - parameter "force group" breaks public shares for guest account
parameter "force group" breaks public shares for guest account
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: samba (Show other bugs)
All Linux
low Severity medium
: rc
: ---
Assigned To: Simo Sorce
Depends On:
  Show dependency treegraph
Reported: 2008-12-11 05:21 EST by Ralph Angenendt
Modified: 2008-12-15 08:50 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-12-15 08:50:56 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
CentOS 3293 None None None Never

  None (edit)
Description Ralph Angenendt 2008-12-11 05:21:56 EST
[root@shutdown ~]# mount -t cifs -o user=nobody,guest //mir-qs/on3 /mnt/tmp/
mount error 13 = Permission denied
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)

Error message on the server is

make_connection: connection to on3 denied due to security descriptor.

Googling around led me to the belief that someone fooled around with
srvmgr.exe from a windows machine and that I should remove
/var/cache/samba/share_info.tdb and restart samba. Which doesn't work.

This is my smb.conf (well, only the most important parts):

    workgroup = FOOBAR
    server string = My Server
    map to guest = Bad User
    preferred master = No
    local master = No
    domain master = No
    dns proxy = No

    comment = Audio-Video-Imports
    path = /local/mir/import/on3
    force group = users
    read only = No
    create mask = 0664
    directory mask = 0775
    guest ok = Yes

This is my smbusers:
root = administrator admin
nobody = guest pcguest smbguest

Now if I take out the "force group = users" everything works as
expected. Except that I cannot write in this share - nobody isn't in the
group users.

smbclient works, mounting those shares from Windows also works.

Mounting does not work from CentOS 3, 4, 5 or OS X (command line).
Comment 1 Simo Sorce 2008-12-15 08:50:56 EST
Sorry, this is not a bug, but expected behaviour.
Force user and force group will work only with an authenticated connection, guest connections cannot use these directives.

Note You need to log in before you can comment on or make changes to this bug.