[Samba] Fwd: NT_STATUS_ACCESS_DENIED for guest account to public share
Rowland Penny
rpenny at samba.org
Fri May 25 18:25:40 UTC 2018
On Fri, 25 May 2018 14:10:26 -0400
Raymond Page <pagerc at gmail.com> wrote:
> I want to keep the 'nobody' account for NFS usage. For Samba, I want
> to use the 'guest' account as it is properly restricted.
> I want everyone to connect to samba as the 'guest' user, but I don't
> want loose permissions on the directory location.
Don't understand why you think the 'guest' user is 'properly
restricted', it isn't a standard Unix user, so you must have created
it, so it is as restricted as you made it, but it is a member of the
'users' group, so it will have all the permissions of that group.
>
> I've been trying multiple variations and settings, changing to the
> 'nobody' user doesn't fix the issue. The closest to working I've
> gotten is setting chmod g+w /mnt/share, which because the guest
> account's default gid is 100 (users), allowed uid 405 to write to gid
> 100. However, I expect that uid 405 in samba should be able to write
> to uid 405 on the share
>
> # ls -lad /mnt/share ; ls -land /mnt/share ; grep mnt /proc/mounts
> drwxr-xr-x 5 guest users 4096 May 25 15:18 /mnt/share
> drwxr-xr-x 5 405 100 4096 May 25 15:18 /mnt/share
> /dev/mapper/storage /mnt ext4 rw,relatime,data=ordered 0 0
>
Did you know that a guest share has another name, it is 'A wide open
share', the only way to get a guest share to work is to 'chmod 2775' on
the share, if you want security, then do not use a guest share.
Rowland
More information about the samba
mailing list