CIFS rights applies incorrectly on patched OES2015 if using groups.

  • 7017411
  • 25-Mar-2016
  • 25-Mar-2016

Environment


Novell Open Enterprise Server 2015 (OES2015) Linux

Situation

OES2015 with current patches

Make 2 subdirs on the server
  -Create a test user, and a test group
  -Give the user rights to the one directory (for control)
  -Give the group rights to the other directory.

Now from a windows workstation do a net use * \\server\VOLUME /user:<username>
Notice you correctly see only the directory where the user has rights.

Now using iManager give the user explicit rights to the other directory, and notice that the user immediately and correctly now sees 2 directories.

Remove the explicit right to the groupdirectory, and verify that user correctly sees only one directory.

Now add the user to the group, and notice that the user (even when waiting quite a while) wrongly never gets access to the groupdirectory.

Reboot the server, and notice that now the user correctly sees the 2 directories. 
Now remove user from group, and note that the user still wrongly sees the 2 directories (and still does even after waiting quite a while).

Reboot the server again, and notice that user correctly sees only one directory again.

Resolution

nsscon

ForceSecurityEquivalenceUpdate

also see following settings in nsscon:
/(No)SecurityEquivalenceUpdating Enable/Disable background user security equivalence updating. [Value=ON]
/UpdateSecurityEquivalenceInterval= Set the Security Equivalence Update Interval in seconds. [Value=7237 Range=300-7776000] 7237 secs means 2 hrs. You can change this value to 15 mins so that group membership is updated once in 15 mins

Feedback service temporarily unavailable. For content questions or problems, please contact Support.