On 5/26/17, Rowland Penny via samba <samba at lists.samba.org> wrote:> On Fri, 26 May 2017 22:19:17 +0900 > john smith via samba <samba at lists.samba.org> wrote: > >> >> But I just want to change group ownership. In order to change >> ownership to a given group a user has to be a member of that >> group. And in my case user nobody is a member of users group and can >> change file ownership to users group if it's done directly on the >> server but cannot do that when done on the different system in a >> directory when the share is mounted. > > But then again, 'nobody' should only be a member of the 'nogroup' group > > Doing what you are trying to do is very probably a security risk.It might be. However, the primary issue for me is to explain why can't I perform a chown operation with guest user. Is it fundamentally forbidden or is there a quirk? -- <wempwer at gmail.com>
On Sat, 27 May 2017 03:45:00 +0900 john smith via samba <samba at lists.samba.org> wrote:> > It might be. However, the primary issue for me is to explain why > can't I perform a chown operation with guest user. Is it > fundamentally forbidden or is there a quirk?I suppose one reason could be because there is no 'Guest' user in Unix, there is the Unix user 'nobody', but you cannot login as 'nobody' getent passwd nobody nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin Rowland
On 5/27/17, Rowland Penny <rpenny at samba.org> wrote:> On Sat, 27 May 2017 03:45:00 +0900 > john smith via samba <samba at lists.samba.org> wrote: > >> >> It might be. However, the primary issue for me is to explain why >> can't I perform a chown operation with guest user. Is it >> fundamentally forbidden or is there a quirk? > > I suppose one reason could be because there is no 'Guest' user in Unix, > there is the Unix user 'nobody', but you cannot login as 'nobody' > > getent passwd nobody > nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologinOk, I know that. Please read my 1st post more carefully. I added my nobody user to users group. I can log in as nobody on the server and do `chown nobody:users <FILE>. -- <wempwer at gmail.com>