From: "Aurélien Aptel" <aaptel@suse.com>
To: L Walsh <cifs@tlinx.org>, linux-cifs <linux-cifs@vger.kernel.org>
Subject: Re: multiuser access and group membership(s)
Date: Wed, 14 Apr 2021 11:19:30 +0200
Message-ID: <87wnt51avx.fsf@suse.com>
In-Reply-To: <6075ED6A.6010603@tlinx.org>

Hi,

> Surprises:
>
> * Files owned by local accounts appeared to be owned
> by 'root:root'. 

When cifs.ko fails to resolve sid<=>uid/gid mapping it defaults to
root:root.

> * Files in well-known-groups, seemed to
> resolve ok, but didn't recognize my domain login as
> being in one of those groups.

Make sure you have cifsacl along with multiuser. In my testing
(multiuser with kerberos) I can see domain accounts resolve fine. Not
sure about local accounts. 

Keep in mind cifs.ko is delegating the work of resolving to winbind. So
I would suggest trying to resolve the things that don't seem to work
directly with the wbinfo utility (see --sid-to-uid, --sid-to-fullname
etc). My guess is it won't work either but it could be easier to debug
from that end.

> * Files with group ownership of Administrators allowed access
>   regardless of permission bits (though I am in Administrators group).
>  -However, files owned (showing in UID) field AdministratorsGroup
>   showed up as being owned by 'root' from the linux machine  and
>   didn't enable access (though some other rule might).

The cifsacl mount option will also enable mapping mode bits to ACL but in a
best-effort manner as a 1:1 mapping is unfortunately impossible. It is
not very reliable and we also have no tests to check those mappings :(

I think Shyam worked on this recently, maybe he can comment.

Cheers,
-- 
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE
GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)
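
The wbinfo check suggested above, as an added example that is not part of the original message or of cifs-utils/Samba: it takes the owner and group SIDs from getcifsacl-style output and asks winbind to map each one, flagging those that fail (the case where cifs.ko falls back to root). The function names, the sample SIDs, and the assumption that `getcifsacl -r FILE` prints raw SIDs on its OWNER:/GROUP: lines are assumptions of this example.

```shell
#!/bin/sh
# Added example: find owner/group SIDs that winbind cannot map to a uid/gid.

# Constructed sample of getcifsacl-style output (the domain SID is made up;
# S-1-5-32-544 is the well-known BUILTIN\Administrators group).
SAMPLE_ACL='REVISION:0x1
CONTROL:0x8004
OWNER:S-1-5-21-1111111111-2222222222-3333333333-1105
GROUP:S-1-5-32-544
ACL:S-1-5-32-544:ALLOWED/0x0/FULL'

# Print "OWNER <sid>" / "GROUP <sid>" for the OWNER:/GROUP: lines on stdin.
extract_sids() {
    awk -F: '($1 == "OWNER" || $1 == "GROUP") && $2 ~ /^S-1-[0-9-]+$/ { print $1, $2 }'
}

# Ask winbind for the mapping: owners via --sid-to-uid, groups via --sid-to-gid.
check_sid() {
    kind=$1
    sid=$2
    if [ "$kind" = OWNER ]; then flag=--sid-to-uid; else flag=--sid-to-gid; fi
    if id=$(wbinfo "$flag=$sid" 2>/dev/null) && [ -n "$id" ]; then
        echo "$kind $sid -> $id"
    else
        echo "$kind $sid UNMAPPED (cifs.ko would fall back to root)"
    fi
}

# Report every SID found on stdin; return 1 if any of them failed to map.
audit_acl() {
    report=$(extract_sids | while read -r kind sid; do check_sid "$kind" "$sid"; done)
    printf '%s\n' "$report"
    case $report in *UNMAPPED*) return 1 ;; esac
    return 0
}

# Usage on a cifsacl mount: sh sidcheck.sh FILE...
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        getcifsacl -r "$f" | audit_acl || echo "winbind could not map a SID for: $f"
    done
fi
```
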