NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
User and group broken permissions
Hi, I am using latest OS 6.5.1 I setup a share called "torrents" I have two groups: users and famille famille group has one user: enfants In SMB Network access: users: r/w - famille: no acces...
I have created:
user_users member of users
user_both_groups member of users, test_group
user_test_group member of test_group
test_share: users r/w, everything else at no
I can write to test_share from user user_test_group, which is not normal.
Local users & groups are ok.
Interestingly, if I run pdbedit -L -v, I see all three users with the same primary group SID. But I don't know how to read the output of that command.
user_users member of users
user_both_groups member of users, test_group
user_test_group member of test_group
test_share: users r/w, everything else at no
I can write to test_share from user user_test_group, which is not normal.
Local users & groups are ok.
Interestingly, if I run pdbedit -L -v, I see all three users with the same primary group SID. But I don't know how to read the output of that command.
Many thanks for your confirmation
This confirms that something is going very nasty at permissions level with the new upadates. The group users is taking over every user permissions. Groups became meaningless too as the group users is imposing all permissions. Currently, the only fix is to deny groups any permission and setup separately the users.
This puts the light on a complex and non sense users/groups permissions setup:
- what is the meaning of being able to setup separately the permissions of owner_user + the corresponding user and owner_group + corresponding group ? Which one will have the priority if we setup owner_user and the corresponding user differently ?
- what is the point of setting up group permissions if users of the actual group will have by default no read and no write access ?
To make things meaningful and obvious, we need the following:
- remove the unclear and redundant way allowing to set up two different access permissions for the same members/groups as in point 1
- in addition to the ro and rw options, add an option "inherit group permissions". That way, it is clear that:
- nothing is checked gives no mount access
- ro or rw if we need exceptions for the user. Else, "inherit group permissions" set by default for new users of a given group
- if we modify an existing group permissions, ask if we want to modify permissions for all its existing members or not (across all shares)
- if we modify the group for a given a user, ask if the user permissions should be changed to inherit the new group permissions, for all the shares
Actual situation is a total confusion. Not surprising that it ends to teh current inacceptable situation.
I really appreciate the great work done with the support team for ReadyNAS. They gave us uptodate options on legacy years-old hardware.
However, messing up a linux build to the level of breaking its basics, users and groups permissions, is something rather unbelievable...
Hope this will be fixed asap and my suggestions to make things more linux structured considered rapidly
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
