[Samba] Cannot write over root owned file

Adam Nielsen adam.nielsen at uq.edu.au
Wed May 3 06:10:52 GMT 2006


> I found out the new file created by your touch command was owned by 
> lba:users.  That was expected since I was in a shell as user lba.
> However, when I tried to copy over a root owned file, first as su and 
> then as su -, the operation failed.  Why can't I copy over a root
> owned file when I'm root?

Because you're not actually root :-)

> I also noticed that, when I touched as su or su -, I could create the 
> file but in each case owner was lba:users.  However, when I did the
> same touch within my own file system, the file owner became root.

I think I can see the problem here.  When you run 'su', you become root
on your own PC, however /mnt/tillie is *not* on your PC, so you don't
become root in that directory - no matter what user you are (lba or
root), Samba converts all your filesystem requests into whichever user
mapped the share (i.e. the user who ran smbmount.)  Since 'lba' mounted
the share, all access to that filesystem is done as 'lba' on the
remote PC, which is why the files are owned by lba even when you created
them as root.

> I smbmounted the share with a simple _root_ script containing:
> smbmount  //tillie/all  /mnt/tillie  -o uid=0
> Shouldn't that have given me root priviledges?

It could have, however you didn't specify a username.  uid=0 means that
all files will *appear* on your PC as if they're owned by root, ignoring
who actually owns them on the server.  What you probably want is to
change that to "username=root" which will give you root access to the
share on the *server* side.  Once you've got root access to the share on
the server, then you can start overwriting files.  You can use the
'touch' trick to make sure you really have connected as root.

> Is sharing as root okay or is it bad practice?  Why?

It is somewhat bad practice, because depending on the set up, you could
end up granting anyone on your local PC (including a virus) full root
access to the other PC.

However having said that, it is possible to do what you're trying to
do safely (and sometimes granting root access is the only way to do it),
but you have to be really careful that normal users don't get full
access to the share. As long as you have to 'su' to root on your local
PC *first*, before you can access the remote files, then it should be
okay.

> I appreciate your helping me very much.  You can see I'm a little 
> confused how to take over my little network and bend it to my will
> <g>.

No problem - I know just how confusing it can be :-)

Cheers,
Adam.


More information about the samba mailing list