[Samba] Unable to write to a share that I should have access to

L.P.H. van Belle belle at bazuin.nl
Tue Mar 8 13:42:31 UTC 2022 

Ah wait.. Your right patrick, now i see what you guys mean.. 

No, that example is not UID:GID related.
No, thats not possible, except, we can change the group in this cases.

If we could use chown as user and set the owner to an other user,
that would open a very big security hole. 

On Linux, you need the CAP_CHOWN capability to chown. 
root is granted such and yeah, you could change that to make and own pam module.
Not that i recommend it. 

Sorry for the confusion.. 

Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Patrick Goetz via samba
> Verzonden: dinsdag 8 maart 2022 13:53
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Unable to write to a share that I 
> should have access to
> 
> 
> 
> On 3/8/22 04:52, L.P.H. van Belle via samba wrote:
> > Hai,
> > 
> > It's seldom i had problem due AppArmor these days, the 
> defaults are fine in general.
> > And its installed.. By default, it comes with the kernels..
> > Just leave it as is.. It should add the path's of share's 
> automaticly to apparmor.
> > 
> >>> When I try this, I get an error message
> >>> $ chown testuser:"Media Users" TV_Shows/
> >>> chown: invalid user: ‘testuser:Media Users’
> > 
> > getent passwd testuser
> > id testuser
> > wbinfo -i testuser
> > Do these show the needed info, uid gid homedir..
> > 
> > This :  chown testuser:"Media Users" TV_Shows
> > Only works if you a UIG:GID set .. I suspect one is missing.
> > 
> > Chown, does work fine as user, as long as the user has rights,
> >   to write in that location where chown is used.
> > 
> 
> Louis, if that works for you, I'd love to know why:
> 
>    [pgoetz at frog ~]$ mkdir testdir
> 
>    [pgoetz at frog ~]$ cd testdir
> 
>    [pgoetz at frog testdir]$ touch foo
> 
>    [pgoetz at frog testdir]$ ls -l foo
>    -rw-r--r-- 1 pgoetz pgoetz 0 Mar  8 06:46 foo
> 
>    [pgoetz at frog testdir]$ chown sven foo
>    chown: changing ownership of 'foo': Operation not permitted
> 
>    [pgoetz at frog testdir]$ sudo -i
>    [sudo] password for pgoetz:
> 
>    [root at frog ~]# cd /home/pgoetz/testdir
> 
>    [root at frog testdir]# chown sven foo
> 
>    [root at frog testdir]# ls -l
>    total 0
>    -rw-r--r-- 1 sven pgoetz 0 Mar  8 06:46 foo
> 
> 
> This is on an Arch linux system, but Ubuntu behaves the same way. If 
> this is a configurable option, I want to know how to do it.
> 
> 
> > In smb.conf
> > Remove these lines..
> >>> valid users = @HOME\Photos_Users @HOME\Multimedia_Users
> > And setup like this.
> > 
> >     read list = @"HOME\Photos_Users",@"HOME\Multimedia_Users"
> >     write list = @ANY_GROUP_for_Write_ACCESS
> > 
> > 
> > Make sure also that you have in nsswitch.conf .. (* i 
> suggest, keep winbind as last)
> > passwd:         files systemd winbind
> > group:          files systemd winbind
> > 
> > And check that libnss-winbind libpam-winbind are installed.
> > 
> > Greetz,
> > 
> > Louis
> > 
> > 
> > 
> > 
> >> -----Oorspronkelijk bericht-----
> >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> >> Rowland Penny via samba
> >> Verzonden: maandag 7 maart 2022 20:33
> >> Aan: samba at lists.samba.org
> >> Onderwerp: Re: [Samba] Unable to write to a share that I
> >> should have access to
> >>
> >> On Mon, 2022-03-07 at 12:00 -0500, Rob Campbell via samba wrote:
> >>> Selinux is definitely turned off and I have no idea what 
> apparmor is
> >>> but it
> >>> is not installed.
> >>
> >> Apparmor is basically the Debian version of Selinux, both 
> of which can
> >> stop users writing to a location.
> >>
> >> Rowland
> >>   
> >>
> >>
> >> -- 
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  
> https://nam12.safelinks.protection.outlook.com/?url=https%3A%2
> F%2Flists.samba.org%2Fmailman%2Foptions%2Fsamba&data=04%7C
01%7C%7Cf4b3e8fa422b43fcb91f08da00f1e9ee%> 7C31d7e2a5bdd8414e9e97bea998ebdfe1%7C0%7C0%7C63782333629250117
> 7%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIi
LCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000> &sdata=qGJUScGhujjd7Rfan0w6dSTSiRWRUDHNJlDcI%2FqvvO8%3D&am
p;reserved=0
> >>
> >>
> > 
> > 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list