[Samba] Not possible to chown as guest?

john smith wempwer at gmail.com
Thu May 25 10:16:48 UTC 2017 

I run Samba server on my OpenWRT router.  I normally access the share
as guest from my Linux box. Here's the relevant line from my
/etc/fstab:

//192.168.1.1/T_Drive /mnt/r      cifs
guest,rw,iocharset=utf8,uid=1000   0       0

Recently I harnessed rsync to backup a number of photos from the Linux
to the Samba share mountpoint but rsync said that chgrp failed when it
tried to change group ownership to `users', my user's primary group.
I run smbd as nobody user on OpenWRT, I added it to `users' group and
can do the following on the router:

/tmp/chown-test $ id
uid=65534(nobody) gid=65534(nogroup) groups=100(users),65534(nogroup)
/tmp/chown-test $ touch FILE
/tmp/chown-test $ ls -l FILE
-rw-r--r--    1 nobody   nogroup          0 May 25 11:51 FILE
/tmp/chown-test $ chown nobody:users FILE
/tmp/chown-test $ ls -l FILE
-rw-r--r--    1 nobody   users            0 May 25 11:51 FILE

However, the same done in Samba mountpoint on the Linux box fails:

$ touch TEST-FILE
$ ll TEST-FILE
-rw-r--r-- 1 ja 65534 0 May 25 12:01 TEST-FILE
$ chown ja:users TEST-FILE
chown: changing ownership of 'TEST-FILE': Permission denied

Strace from Samba on OpenWRT says:

[pid 15806] lchown("something", -1, 100) = -1 EPERM (Operation not permitted)

and Samba log says:

  smb_set_file_unix_basic: SMB_SET_FILE_UNIX_BASIC: name = something
size = 0, uid = 1000, gid = 100, raw perms = 037777777777
[2017/05/24 23:21:55.355240, 10, pid=26013, effective(99, 99),
real(99, 0)] ../source3/smbd/trans2.c:7623(smb_set_file_unix_basic)
  smb_set_file_unix_basic: SMB_SET_FILE_UNIX_BASIC changing owner 1000
for path something
[2017/05/24 23:21:55.355253,  3, pid=26013, effective(99, 99),
real(99, 0)] ../source3/smbd/error.c:82(error_packet_set)
  NT error packet at ../source3/smbd/trans2.c(8784) cmd=50 (SMBtrans2)
NT_STATUS_ACCESS_DENIED

I'm aware that this issue can be solved in 4 different ways:

1. by modifying rsync parameters to ignore group ownership
2. by using gid=100 option in /etc/fstab
3. by using `force group = users' option on Samba server
4. by accessing Samba share as a Samba user instead of guest - I tried
it and learned that chmod works when done as a non-guest user.

Is my thinking correct that it's not possible for guest to chown a
file? I read the documentation but I have not found any mention of
that limitation.
-- 
<wempwer at gmail.com>

More information about the samba mailing list