[Samba] Fwd: NT_STATUS_ACCESS_DENIED for guest account to public share
pagerc at gmail.com
Fri May 25 18:48:35 UTC 2018
So the guest account ignores the owner permissions of the files it
interacts with and relies only on group membership and world permissions?
Why do I need the sgid? Users will create files/directories that will
default to their default group from /etc/passwd, and that's the behavior I
want. Authenticated users should be able to make files/directories with
group membership different from guest accounts.
On Fri, May 25, 2018 at 2:26 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Fri, 25 May 2018 14:10:26 -0400
> Raymond Page <pagerc at gmail.com> wrote:
> > I want to keep the 'nobody' account for NFS usage. For Samba, I want
> > to use the 'guest' account as it is properly restricted.
> > I want everyone to connect to samba as the 'guest' user, but I don't
> > want loose permissions on the directory location.
> Don't understand why you think the 'guest' user is 'properly
> restricted', it isn't a standard Unix user, so you must have created
> it, so it is as restricted as you made it, but it is a member of the
> 'users' group, so it will have all the permissions of that group.
> > I've been trying multiple variations and settings, changing to the
> > 'nobody' user doesn't fix the issue. The closest to working I've
> > gotten is setting chmod g+w /mnt/share, which because the guest
> > account's default gid is 100 (users), allowed uid 405 to write to gid
> > 100. However, I expect that uid 405 in samba should be able to write
> > to uid 405 on the share
> > # ls -lad /mnt/share ; ls -land /mnt/share ; grep mnt /proc/mounts
> > drwxr-xr-x 5 guest users 4096 May 25 15:18 /mnt/share
> > drwxr-xr-x 5 405 100 4096 May 25 15:18 /mnt/share
> > /dev/mapper/storage /mnt ext4 rw,relatime,data=ordered 0 0
> Did you know that a guest share has another name, it is 'A wide open
> share', the only way to get a guest share to work is to 'chmod 2775' on
> the share, if you want security, then do not use a guest share.
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba