[Samba] Fwd: NT_STATUS_ACCESS_DENIED for guest account to public share
Rowland Penny
rpenny at samba.org
Fri May 25 19:19:46 UTC 2018
On Fri, 25 May 2018 14:48:35 -0400
Raymond Page <pagerc at gmail.com> wrote:
> So the guest account ignores the owner permissions of the files it
> interacts with and relies only on group membership and world
> permissions?
>
> Why do I need the sgid? Users will create files/directories that will
> default to their default group from /etc/passwd, and that's the
> behavior I want. Authenticated users should be able to make
> files/directories with group membership different from guest accounts.
>
That isn't how the guest account works, anybody who connects to your
share must be the guest user (remember that you don't have any users
and unknown users are mapped to the guest account by 'map to guest =
Bad User'). Now normally 'nobody' is the guest user and its group is
'nogroup', but you are using 'guest' with the group 'users' (this is a
bad move by the way). Because of all this and the way the share is set
up, all files and directories created in the share will belong to
'guest:users'
As I sort of said, having a share the way you have set it up, only
makes sense if you want/need a wide open share. Just about the only
way you could make it any less secure would be to allow wide links
Do you really need a standalone server ? or are the rest of the
computers in a domain ?
Rowland
More information about the samba
mailing list