[Samba] Unable to write to a share that I should have access to

Patrick Goetz pgoetz at math.utexas.edu
Tue Mar 8 16:52:49 UTC 2022



On 3/8/22 10:29, Rob Campbell wrote:
> When the normal user owns the dir, they can run chown, right?  Granted, 
> it would only be to update the group or to transfer ownership to another 
> user but I believe that is the only time a user has that permission.
> 

Here I am in my home directory:

   pgoetz at frog ~$ pwd
   /home/pgoetz

   pgoetz at frog ~$ mkdir testdir
   pgoetz at frog ~$ ls -ld testdir
   drwxr-xr-x 2 pgoetz pgoetz 4096 Mar  8 10:38 testdir

   pgoetz at frog testdir$ touch foo
   pgoetz at frog testdir$ ls -l foo
   -rw-r--r-- 1 pgoetz pgoetz 0 Mar  8 10:39 foo

Let's make sure the file is wide open, to remove this possible variable:

   pgoetz at frog testdir$ chmod 777 foo
   pgoetz at frog testdir$ ls -l
   total 0
   -rwxrwxrwx 1 pgoetz pgoetz 0 Mar  8 10:39 foo

OK, let me attempt to transfer the permission to another user:

   pgoetz at frog testdir$ id sven
   uid=1005(sven) gid=1005(sven) groups=1005(sven)

   pgoetz at frog testdir$ chown sven foo
   chown: changing ownership of 'foo': Operation not permitted

I can change the group to a group that I'm in:

   pgoetz at frog testdir$ chgrp users foo
   pgoetz at frog testdir$ ls -l
   total 0
   -rwxrwxrwx 1 pgoetz users 0 Mar  8 10:39 foo

But I can't change the group to a group I'm not in:

   pgoetz at frog testdir$ chgrp ftp foo
   chgrp: changing group of 'foo': Operation not permitted

I think it's like Louis said: being able to arbitrarily change the uid 
of a file as a non-privileged user would be a huge security hole, since 
I could write a shell script called fml.sh:

   #!/bin/bash
   cd /
   rm -rf *

Then change the ownership to a privileged user:

   $ chown root fml.sh

and now this script runs as root.

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> In all things, Be Intentional.
> 
> 
> On Tue, Mar 8, 2022 at 11:02 AM Patrick Goetz via samba 
> <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote:
> 
> 
> 
>     On 3/8/22 00:49, Rowland Penny via samba wrote:
>      > On Mon, 2022-03-07 at 20:40 -0600, Patrick Goetz via samba wrote:
>      >>
>      >> On 3/7/22 13:21, Rob Campbell via samba wrote:
>      >>> Following
>      >>>
>     https://wiki.samba.org/index.php/Setting_up_a_Share_Using_POSIX_ACLs#Setting_Standard_UNIX_ACLs
>      >>>
>      >>> # chmod 2770 /srv/samba/Demo/
>      >>> # chown root:"Domain Users" /srv/samba/Demo/
>      >>>
>      >>> When I try this, I get an error message
>      >>> $ chown testuser:"Media Users" TV_Shows/
>      >>> chown: invalid user: ‘testuser:Media Users’
>      >>>
>      >>
>      >> First of all, you can't use chown as an ordinary user.  Only
>      >> root can do this.  Second, I'm pretty sure your syntax is wrong?
>      >> Try this (as root):
>      >>
>      >>      # chown testuser:"Media Users" TV_Shows
>      >
>      > You can run 'chown' as a normal user, whether you have the
>      > permissions to run it against a particular file is another thing.
>      > Also, there was nothing wrong with the syntax.
>      >
> 
>     What permission would allow you to run chown as a normal user?
> 
> 
>      > Rowland
>      >
>      >
>      >
> 
>     -- 
>     To unsubscribe from this list go to the following URL and read the
>     instructions: https://lists.samba.org/mailman/options/samba
> 

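The rule behind the three results shown above (chown to another user fails, chgrp to a group you belong to works, chgrp to a group you do not belong to fails) is the kernel's ownership-change check, encoded here as an added Python example that is not part of the thread or of Samba. The uid/gid values used for pgoetz and the ftp group are constructed; sven's uid 1005 is the one the thread shows.

```python
"""Model of the Linux chown/chgrp permission rule (_POSIX_CHOWN_RESTRICTED).

An unprivileged process may change a file's *group* only if it owns the file
and the new group is its effective gid or one of its supplementary groups.
Changing the *owner* to anyone else always needs CAP_CHOWN (in practice, root).
predict_chown() is a constructed helper mirroring that rule; live_check()
compares the prediction with what the running kernel actually does.
"""
import os
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class Caller:
    uid: int
    gid: int
    groups: frozenset        # supplementary group ids
    cap_chown: bool = False  # True for root / a process holding CAP_CHOWN


def predict_chown(caller, file_uid, new_uid=-1, new_gid=-1):
    """Return (allowed, reason) for chown(file, new_uid, new_gid) by `caller`.
    -1 means "leave unchanged", exactly as in chown(2)."""
    if caller.cap_chown:
        return True, "CAP_CHOWN: any owner/group allowed"
    if new_uid not in (-1, file_uid):
        return False, "EPERM: changing the owner requires CAP_CHOWN"
    if new_gid != -1:
        if caller.uid != file_uid:
            return False, "EPERM: only the file's owner may change its group"
        if new_gid != caller.gid and new_gid not in caller.groups:
            return False, "EPERM: caller is not a member of the target group"
    return True, "allowed"


def live_check(new_gid):
    """Try chgrp on a fresh temp file owned by this process and return
    (predicted, observed). Only informative when run as a non-root user."""
    me = Caller(os.geteuid(), os.getegid(), frozenset(os.getgroups()),
                cap_chown=(os.geteuid() == 0))
    with tempfile.NamedTemporaryFile() as f:
        predicted, _ = predict_chown(me, os.fstat(f.fileno()).st_uid, -1, new_gid)
        try:
            os.chown(f.name, -1, new_gid)
            observed = True
        except PermissionError:   # EPERM from the kernel
            observed = False
    return predicted, observed
```

Feeding the thread's scenario into predict_chown (pgoetz owning foo, target uid 1005 for sven, his own "users" gid, and a gid he is not a member of) reproduces the three outcomes seen in the terminal session above.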

