[Samba] Standalone server and POSIX ACL issues (new one)
Rowland penny
rpenny at samba.org
Mon Aug 12 12:32:49 UTC 2019
On 12/08/2019 12:11, Yvan Masson via samba wrote:
>> So to sum up, setting ACL for the guest user is not enough for Samba,
>> while it works for other users. It does not depend on which Unix user
>> is used as guest.
>>
>> I just found a very strange workaround: the right needs to be given
>> to the primary group and not the user. For example, if my guest user
>> is "nobody", then I would give rights to group "nogroup". I also
>> tested to use alice as my guest user, and giving rights to group
>> "alice" (not the user) works.
>>
>> Any idea? Should I report an issue?
>
> For reference, I reported this issue at
> https://bugzilla.samba.org/show_bug.cgi?id=14083
>
> Yvan
>
Hi Yvan,
Now I have had chance to properly understand what you are trying to do,
I am sorry but Louis is correct, this isn't a bug.
The first thing to understand is that the guest user on any other
computer doesn't really equate to the guest user on the Samba computer.
You are mounting the share as the guest user, but this has nothing to do
with the permissions on the share. My misunderstanding was that I
thought you were connecting to a share using guest access, for this to
work, you need 'map to guest = bad user' and 'guest ok = yes in the
share. If you are using 'guest ok = yes' on a share, then you shouldn't
use authentication on the same share.
If you do have 'guest ok = yes' on a share, then if an unknown user
tries to connect to the share, before they get to the share they will
get mapped to the 'guest user' (usually 'nobody' on Unix), so anything
they add to the share will typically belong to 'nobody:nogroup' because
that is who is allowed access to the share.
So to recap, whilst you can mount a share as the guest user, it isn't
recommended, do not use guest access on a share that you also want
authenticated users to connect to.
Bearing this in mind, I am going to close your bug report.
Rowland
More information about the samba
mailing list