On 5/27/17, Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Sat, 27 May 2017 04:31:07 +0900
> john smith via samba <samba at lists.samba.org> wrote:
>
>> > getent passwd nobody
>> > nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
>>
>> Ok, I know that. Please read my 1st post more carefully. I added my
>> nobody user to users group. I can log in as nobody on the server and
>> do `chown nobody:users <FILE>.
>
> To login, you must have given 'nobody' a password, given it a home
> directory and a shell that lets it login. Or do you mean that you can
> connect to a share as the user 'nobody' although this would still
> mean that 'nobody' has a password.

First I log in as root into my OpenWRT router and then just do `su
nobody'. Of course I had to enable nobody first by changing its shell
from /var/false to /bin/ash. After doing `su nobody':

uid=65534(nobody) gid=65534(nogroup) groups=100(users),65534(nogroup)

Note that it belongs to users group. As a user nobody I can create a
file:

$ touch FILE
$ ls -l FILE
-rw-r--r-- 1 nobody nogroup 0 May 26 22:12 FILE

And change the file's group to users:

$ chown nobody:users FILE
$ ls -l FILE
-rw-r--r-- 1 nobody users 0 May 26 22:12 FILE

And it works.

Now, on my Linux box in /mnt/r when the router share is mounted as
guest:

$ chown ja:users TEST-FILE
chown: changing ownership of 'TEST-FILE': Permission denied

I pasted the logs, both strace and Samba logs from the router in my
first post.

> still think this is a good idea ???

No, I don't. I suggested 4 alternative ways to solve this problem in
my first post. I just want to know why can't I do chown as a guest in
a mounted directory.

--
<wempwer at gmail.com>

On Sat, 27 May 2017 05:18:25 +0900
john smith via samba <samba at lists.samba.org> wrote:

> On 5/27/17, Rowland Penny via samba <samba at lists.samba.org> wrote:
> > On Sat, 27 May 2017 04:31:07 +0900
> > john smith via samba <samba at lists.samba.org> wrote:
> >
> >> > getent passwd nobody
> >> > nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
> >>
> >> Ok, I know that. Please read my 1st post more carefully. I added my
> >> nobody user to users group. I can log in as nobody on the server
> >> and do `chown nobody:users <FILE>.
> >
> > To login, you must have given 'nobody' a password, given it a home
> > directory and a shell that lets it login. Or do you mean that you
> > can connect to a share as the user 'nobody' although this would
> > still mean that 'nobody' has a password.
>
> First I log in as root into my OpenWRT router and then just do `su
> nobody'. Of course I had to enable nobody first by changing its shell
> from /var/false to /bin/ash. After doing `su nobody':
>
> uid=65534(nobody) gid=65534(nogroup) groups=100(users),65534(nogroup)
>
> Note that it belongs to users group. As a user nobody I can create a
> file:
>
> $ touch FILE
> $ ls -l FILE
> -rw-r--r-- 1 nobody nogroup 0 May 26 22:12 FILE
>
> And change the file's group to users:
>
> $ chown nobody:users FILE
> $ ls -l FILE
> -rw-r--r-- 1 nobody users 0 May 26 22:12 FILE
>
> And it works.

Well yes, it probably does, but out the box it wouldn't because it is a
BAD idea.

> I just want to know why can't I do chown as a guest in
> a mounted directory.

I do not fully know, but it is probably because this is such a bad idea
that it has been made not to work, or even more likely, no one ever
thought about doing this (because it is a bad idea), so there is no
code in Samba to do this.

Rowland

On 5/27/17, Rowland Penny via samba <samba at lists.samba.org> wrote:
> I do not fully know, but it is probably because this is such a bad idea
> that it has been made not to work, or even more likely, no one ever
> thought about doing this (because it is a bad idea), so there is no
> code in Samba to do this.

But it seems that it took more work to prevent guest from performing
chown than to allow it. As a Samba pseudo user, guest is directly mapped
to nobody on the server, and as nobody is able to chown directly on the
server, there must be additional code somewhere that intentionally
forbids guest to chown.

--
<wempwer at gmail.com>