[Samba] Unable to write to a share that I should have access to
Patrick Goetz
pgoetz at math.utexas.edu
Tue Mar 8 16:52:49 UTC 2022
On 3/8/22 10:29, Rob Campbell wrote:
> When the normal user owns the dir, they can run chown, right? Granted,
> it would only be to update the group or to transfer ownership to another
> user but I believe that is the only time a user has that permission.
>
Here I am in my home directory:

pgoetz at frog ~$ pwd
/home/pgoetz
pgoetz at frog ~$ mkdir testdir
pgoetz at frog ~$ ls -ld testdir
drwxr-xr-x 2 pgoetz pgoetz 4096 Mar 8 10:38 testdir
pgoetz at frog testdir$ touch foo
pgoetz at frog testdir$ ls -l foo
-rw-r--r-- 1 pgoetz pgoetz 0 Mar 8 10:39 foo

Let's make sure the file is wide open, to remove this possible variable:

pgoetz at frog testdir$ chmod 777 foo
pgoetz at frog testdir$ ls -l
total 0
-rwxrwxrwx 1 pgoetz pgoetz 0 Mar 8 10:39 foo

OK, let me attempt to transfer the permission to another user:

pgoetz at frog testdir$ id sven
uid=1005(sven) gid=1005(sven) groups=1005(sven)
pgoetz at frog testdir$ chown sven foo
chown: changing ownership of 'foo': Operation not permitted

I can change the group to a group that I'm in:

pgoetz at frog testdir$ chgrp users foo
pgoetz at frog testdir$ ls -l
total 0
-rwxrwxrwx 1 pgoetz users 0 Mar 8 10:39 foo

But I can't change the group to a group I'm not in:

pgoetz at frog testdir$ chgrp ftp foo
chgrp: changing group of 'foo': Operation not permitted

I think it's like Louis said: being able to arbitrarily change the uid
of a file as a non-privileged user would be a huge security hole, since
I could write a shell script called fml.sh

#!/bin/bash
cd /
rm -rf *

Then change the ownership to a privileged user:

$ chown root fml.sh

and now this script runs as root.

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> In all things, Be Intentional.
>
>
> On Tue, Mar 8, 2022 at 11:02 AM Patrick Goetz via samba
> <samba at lists.samba.org> wrote:
>
>
>
> On 3/8/22 00:49, Rowland Penny via samba wrote:
> > On Mon, 2022-03-07 at 20:40 -0600, Patrick Goetz via samba wrote:
> >>
> >> On 3/7/22 13:21, Rob Campbell via samba wrote:
> >>> Following
> >>>
> >>> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_POSIX_ACLs#Setting_Standard_UNIX_ACLs
> >>>
> >>> # chmod 2770 /srv/samba/Demo/
> >>> # chown root:"Domain Users" /srv/samba/Demo/
> >>>
> >>> When I try this, I get an error message
> >>> $ chown testuser:"Media Users" TV_Shows/
> >>> chown: invalid user: ‘testuser:Media Users’
> >>>
> >>
> >> First of all, you can't use chown as an ordinary user. Only root can
> >> do this. Second, I'm pretty sure your syntax is wrong? Try this (as
> >> root):
> >>
> >> # chown testuser:"Media Users" TV_Shows
> >
> > You can run 'chown' as a normal user, whether you have the permissions
> > to run it against a particular file is another thing. Also, there was
> > nothing wrong with the syntax.
> >
>
> What permission would allow you to run chown as a normal user?
>
>
> > Rowland
> >
> >
> >
>
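The three outcomes in the terminal session above (chown to sven refused, chgrp to users allowed, chgrp to ftp refused) follow one ownership rule, modelled here as an added example that is not part of the original message or of Samba. It assumes Linux semantics without user namespaces or idmapped mounts; sven's uid 1005 is from the session, while the other numeric ids and the names `chown_allowed` and `probe` are constructed for illustration.

```python
import os
import tempfile

def chown_allowed(uid, groups, file_uid, file_gid, new_uid=-1, new_gid=-1,
                  cap_chown=False):
    """Simplified model of the Linux permission check behind chown/chgrp.

    uid/groups describe the calling process (effective uid, effective gid
    plus supplementary groups). -1 means "leave this id unchanged".
    """
    if cap_chown:                      # root, or any process holding CAP_CHOWN
        return True
    if uid != file_uid:                # only the owner may alter ownership
        return False
    if new_uid not in (-1, file_uid):  # the owner cannot give the file away
        return False
    # the owner may set the group only to a group they belong to
    return new_gid in (-1, file_gid) or new_gid in groups

def probe(new_uid, new_gid):
    """Ask the running kernel whether this process may chown its own new file."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chown(path, new_uid, new_gid)
        return True
    except PermissionError:            # EPERM: "Operation not permitted"
        return False
    finally:
        os.unlink(path)

# Constructed ids: only SVEN (1005) appears in the session; the rest are
# placeholders standing in for pgoetz, the users group and the ftp group.
PGOETZ, SVEN, USERS, FTP = 1000, 1005, 100, 11
PGOETZ_GROUPS = {PGOETZ, USERS}

if __name__ == "__main__":
    me = (PGOETZ, PGOETZ_GROUPS, PGOETZ, PGOETZ)   # caller + file owner/group
    print("chown sven foo  :", chown_allowed(*me, new_uid=SVEN))
    print("chgrp users foo :", chown_allowed(*me, new_gid=USERS))
    print("chgrp ftp foo   :", chown_allowed(*me, new_gid=FTP))
    print("same, as root   :", chown_allowed(0, {0}, PGOETZ, PGOETZ,
                                             new_uid=SVEN, cap_chown=True))
    print("live: keep own ids:", probe(os.geteuid(), os.getegid()))
```
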