Web lists-archives.com

Re: [Samba] Fwd: NT_STATUS_ACCESS_DENIED for guest account to public share




So the guest account ignores the owner permissions of the files it
interacts with and relies only on group membership and world permissions?

Why do I need the sgid? Users will create files/directories that will
default to their default group from /etc/passwd, and that's the behavior I
want. Authenticated users should be able to make files/directories with
group membership different from guest accounts.

--
Raymond Page


On Fri, May 25, 2018 at 2:26 PM Rowland Penny via samba <
samba@xxxxxxxxxxxxxxx> wrote:

> On Fri, 25 May 2018 14:10:26 -0400
> Raymond Page <pagerc@xxxxxxxxx> wrote:
>
> > I want to keep the 'nobody' account for NFS usage. For Samba, I want
> > to use the 'guest' account as it is properly restricted.
> > I want everyone to connect to samba as the 'guest' user, but I don't
> > want loose permissions on the directory location.
>
> Don't understand why you think the 'guest' user is 'properly
> restricted', it isn't a standard Unix user, so you must have created
> it, so it is as restricted as you made it, but it is a member of the
> 'users' group, so it will have all the permissions of that group.
>
> >
> > I've been trying multiple variations and settings, changing to the
> > 'nobody' user doesn't fix the issue. The closest to working I've
> > gotten is setting chmod g+w /mnt/share, which because the guest
> > account's default gid is 100 (users), allowed uid 405 to write to gid
> > 100. However, I expect that uid 405 in samba should be able to write
> > to uid 405 on the share
> >
> > # ls -lad /mnt/share ; ls -land /mnt/share ; grep mnt /proc/mounts
> > drwxr-xr-x 5 guest users 4096 May 25 15:18 /mnt/share
> > drwxr-xr-x 5 405 100 4096 May 25 15:18 /mnt/share
> > /dev/mapper/storage /mnt ext4 rw,relatime,data=ordered 0 0
> >
>
> Did you know that a guest share has another name, it is 'A wide open
> share', the only way to get a guest share to work is to 'chmod 2775' on
> the share, if you want security, then do not use a guest share.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba