On 5/26/17, Reindl Harald via samba <samba at lists.samba.org> wrote:> > > Am 25.05.2017 um 12:16 schrieb john smith via samba: >> Is my thinking correct that it's not possible for guest to chown a >> file? I read the documentation but I have not found any mention of >> that limitation. > > only root and owner can change permissions of files, only root can chown > files - if a *guest* user could do root-privileged tasks io would write > a bugreportBut I just want to change group ownership. In order to change ownership to a given group a user has to be a member of that group. And in my case user nobody is a member of users group and can change file ownership to users group if it's done directly on the server but cannot do that when done on the different system in a directory when the share is mounted. -- <wempwer at gmail.com>
On Fri, 26 May 2017 22:19:17 +0900 john smith via samba <samba at lists.samba.org> wrote:> > But I just want to change group ownership. In order to change > ownership to a given group a user has to be a member of that > group. And in my case user nobody is a member of users group and can > change file ownership to users group if it's done directly on the > server but cannot do that when done on the different system in a > directory when the share is mounted.But then again, 'nobody' should only be a member of the 'nogroup' group Doing what you are trying to do is very probably a security risk. Rowland
On 5/26/17, Rowland Penny via samba <samba at lists.samba.org> wrote:> On Fri, 26 May 2017 22:19:17 +0900 > john smith via samba <samba at lists.samba.org> wrote: > >> >> But I just want to change group ownership. In order to change >> ownership to a given group a user has to be a member of that >> group. And in my case user nobody is a member of users group and can >> change file ownership to users group if it's done directly on the >> server but cannot do that when done on the different system in a >> directory when the share is mounted. > > But then again, 'nobody' should only be a member of the 'nogroup' group > > Doing what you are trying to do is very probably a security risk.It might be. However, the primary issue for me is to explain why can't I perform a chown operation with guest user. Is it fundamentally forbidden or is there a quirk? -- <wempwer at gmail.com>