On 5/27/17, Rowland Penny <rpenny at samba.org> wrote:
> On Sat, 27 May 2017 03:45:00 +0900
> john smith via samba <samba at lists.samba.org> wrote:
>
>>
>> It might be. However, the primary issue for me is to explain why
>> can't I perform a chown operation with guest user. Is it
>> fundamentally forbidden or is there a quirk?
>
> I suppose one reason could be because there is no 'Guest' user in Unix,
> there is the Unix user 'nobody', but you cannot login as 'nobody'
>
> getent passwd nobody
> nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin

Ok, I know that. Please read my 1st post more carefully. I added my
nobody user to users group. I can log in as nobody on the server and
do `chown nobody:users <FILE>.

--
<wempwer at gmail.com>

On Sat, 27 May 2017 04:31:07 +0900
john smith via samba <samba at lists.samba.org> wrote:

> > getent passwd nobody
> > nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
>
> Ok, I know that. Please read my 1st post more carefully. I added my
> nobody user to users group. I can log in as nobody on the server and
> do `chown nobody:users <FILE>.

To login, you must have given 'nobody' a password, given it a home
directory and a shell that lets it login. Or do you mean that you can
connect to a share as the user 'nobody' although this would still
mean that 'nobody' has a password.

Let me run this scenario past you. You set up a standalone server with
guest access. You allow user 'nobody' to login. Somebody puts a script
on the share, then as user 'nobody' runs 'chmod +x script' (if your
user runs chown, it can run chmod), then the unknown user runs the
script and anything can happen, it could make your unknown user 'root',
still think this is a good idea ???

Rowland

On 5/27/17, Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Sat, 27 May 2017 04:31:07 +0900
> john smith via samba <samba at lists.samba.org> wrote:
>
>> > getent passwd nobody
>> > nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
>>
>> Ok, I know that. Please read my 1st post more carefully. I added my
>> nobody user to users group. I can log in as nobody on the server and
>> do `chown nobody:users <FILE>.
>
> To login, you must have given 'nobody' a password, given it a home
> directory and a shell that lets it login. Or do you mean that you can
> connect to a share as the user 'nobody' although this would still
> mean that 'nobody' has a password.

First I log in as root into my OpenWRT router and then just do
`su nobody'. Of course I had to enable nobody first by changing its
shell from /var/false to /bin/ash. After doing `su nobody':

uid=65534(nobody) gid=65534(nogroup) groups=100(users),65534(nogroup)

Note that it belongs to users group. As a user nobody I can create a
file:

$ touch FILE
$ ls -l FILE
-rw-r--r-- 1 nobody nogroup 0 May 26 22:12 FILE

And change the file's group to users:

$ chown nobody:users FILE
$ ls -l FILE
-rw-r--r-- 1 nobody users 0 May 26 22:12 FILE

And it works. Now, on my Linux box in /mnt/r when the router share is
mounted as guest:

$ chown ja:users TEST-FILE
chown: changing ownership of 'TEST-FILE': Permission denied

I pasted the logs, both strace and Samba logs from the router in my
first post.

> still think this is a good idea ???

No, I don't. I suggested 4 alternative ways to solve this problem in my
first post. I just want to know why can't I do chown as a guest in a
mounted directory.

--
<wempwer at gmail.com>