s3-printing: follow force user/group for driver IO
Configuring force user/group settings for the print$ share currently has
unexpected results, this is explained by how the driver upload/add
process takes place. Consider the following example:
[print$]
path = /print-drv
write list = $DRIVER_UPLOAD_USER
force group = ntadmin
- the client connects to the [print$] share and uploads all driver
files to the /print-drv/W32X86 directory.
- This is permitted, as /print-drv/W32X86 is owned by group ntadmin, and
the "force group = ntadmin" takes effect for the [print$] session.
- Once all files are uploaded, the client connects to the [ipc$]
share and issues an AddPrinterDriverEx spoolss request.
- In handling this request move_driver_to_download_area() is called,
which attempts to create the directory /print-drv/W32X86/3
- The create directory fails, as it is done as the user connected to
the [ipc$] share which does not have permission to write to the driver
directory. The [print$] "force group = ntadmin" has no effect.
This is a regression from previous behaviour prior to the commit:
783ab04 Convert move_driver_to_download_area to use create_conn_struct.
https://bugzilla.samba.org/show_bug.cgi?id=7921
git.samba.org / ddiss / samba.git / commit