I have a user, "reg" which is a member of "users" but also a member of the groups "svn", "web-dev" and a couple of other groups.
When logged on as this user on my server I can get to a directory called ".svn" but not when using the same user through a samba share.
Below are the details of my setup and what happens when when I list from the samba share vs. on the server as the same user and the samba config files. Both the client and the server are Linux computers, OS = openSUSE 11.0 (client) & 11.2 (server). The uid of "reg" is the same on the server and client.
The share in question is "[data]" which you can see from the smb.conf file is a very simple config.
The share is mounted on the client with a normal cifs mount.
As you can see from line 48 below that from the client I get a "permission denied" which is not the case from the server (line 67).
Client cifs-mount version is 3.4.5
Server samba version is 3.4.2
If I change the group of .svn. to "web-dev" I still can't list it however if I change the group to "users", the main group for "reg" I can list the .svn directory. clearly it is just ignoring the additional groups and adding "force group = svn" in "global" and/or "data" seems to not help at all.
RegProctor
ASKER
I added the group "svn" to the client with and gave it the same gid as the server's svn group -- I didn't think it would make any difference but figured it was worth a shot, no change though.
Pieter Jordaan
Why are you using samba between two linux machines ?
If you create an nfs share on the server /etc/exports
and mount it from the client, unix permissions will apply.
Not to argue the point that NFS would be a better sharing solution, the issue will be the same, whether via NFS or Samba.... that, and the questioner asked how to fix what he has, not how to do what he wants better.
The issue is actually rather simple -- a classic case of user/group spaces NOT being shared or synchronized
When you login as reg on BOX1 and view the permissions of .svn, you see them as:
drwxrws--- 6 svn svn 4096 2010-02-18 23:08 .svn/
Which is to say, that the owner is UID 115 (which on that system's passwd file, belongs to the user svn), and the group is similarly svn (GID unknown from the information provided, but quite likely GID 115).
Now, you connect from BOX2 and view the permissions of .svn and you see them as:
drwxrws--- 6 115 tomcat 0 2010-02-18 23:08 .svn/
This is to say, that from the PERSPECTIVE OF THIS SYSTEM, svn is owned by UID 115 (which has no /etc/passwd entry at all), and has GID (potentially 115) that matches the group tomcat in the local /etc/group.
To see it more succinctly, try running the ls -ln command on .svn and see what you see... on EACH you should see the same:
drwxrws--- 6 115 115 0 2010-02-18 23:08 .svn/
(Granted, I've assumed here that the group svn on BOX1 has GID 115 -- but I think that a reasonable assumption!)
================
To put it simply, if you want the permissions to apply on BOX2, then the username/groupnames need to be the same (or at least the same for the users & groups desired) on BOX2.
So, to have .svn appear on BOX2 to have the same permissions as on BOX1, you need to CREATE the user svn (with UID 115) in /etc/passwd, and CHANGE the group named tomcat to be the group named svn on BOX2 (if you need a group called tomcat, create one with a different GID - preferably the same as the one on BOX1).
In addition, if user reg is supposed to belong to "users", "svn", "web-dev" and a couple of other groups, he'll need to belong to those groups on BOTH systems....
Dan, this was terrific, thanks! ...there is always something new to learn on Linux. I'll try this all out tonight or at the latest tomorrow and get back to you (I would do it now if I didn't have a deadline to deal with).
BTW, I do share this with a Windows computer as well at times, hence samba. I didn't mention it because I didn't think it was pertinent to the problem so you were spot on with your original statement.