Debian Bug report logs - #678834
guest users create locally inaccessible files owned by nobody

Package: samba; Maintainer for samba is Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>; Source for samba is src:samba.

Reported by: email.bug@arcor.de

Date: Sun, 24 Jun 2012 15:33:01 UTC

Severity: normal

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#678834; Package samba. (Sun, 24 Jun 2012 15:33:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to email.bug@arcor.de:
New Bug report received and forwarded. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. (Sun, 24 Jun 2012 15:33:06 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: email.bug@arcor.de
To: submit@bugs.debian.org
Subject: guest users create locally inaccessible files owned by nobody
Date: Sun, 24 Jun 2012 17:30:38 +0200 (CEST)
Package: samba

Collaboration with guests is broken, and a truel solution is needed. 

Sleeping over it, the idea I proposed in #678616 (a different "guest account" definition)
really isn't solving the problem in general. Its way too static, to be right for everybody.

For net usershares at least, samba has the information who created the share,
thus it could use that when samba guests are creating files.

Ideally, the file could still be identifiable to the samba guest with
its group ownership set to samba-guest.






Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#678834; Package samba. (Thu, 12 Jul 2012 09:27:14 GMT) Full text and rfc822 format available.

Acknowledgement sent to email.bug@arcor.de:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. (Thu, 12 Jul 2012 09:27:24 GMT) Full text and rfc822 format available.

Message #10 received at 678834@bugs.debian.org (full text, mbox):

From: email.bug@arcor.de
To: 678834@bugs.debian.org
Subject: usable configurations for guest-writable public samba shares
Date: Thu, 12 Jul 2012 11:23:26 +0200 (CEST)
The three alternatives I found:

• (also a workaround without samba adjustments) chmod publicly writable shares to be setguid dirs and add the samba option "inherit permissions = yes" (x bits are still mapped to archive,hidden,system)

• (should works in all cases)  let samba guests create files as "sambaguest" and belonging to the "users" group (rw for all users if they have local access to the path)

• (should work for usershares)  let samba guests create files in the name of the user who created the user share (and belonging to the "sambaguest" group)




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#678834; Package samba. (Tue, 08 Jan 2013 10:51:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to email.bug@arcor.de:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. (Tue, 08 Jan 2013 10:51:03 GMT) Full text and rfc822 format available.

Message #15 received at 678834@bugs.debian.org (full text, mbox):

From: email.bug@arcor.de
To: 678834@bugs.debian.org
Subject: permission fix for public shares
Date: Tue, 8 Jan 2013 11:49:47 +0100 (CET)
The experience after a couple of months showed that the solution that sets "inherit permissions = yes" as default works very well.

I'd suggest to implement that change as a fix. (Either in the default config file shipped, or better, by adjusting the fallback value that samba uses if the option is not defined in the configuraiton.) Adjusting a default in this way also seems to be the easiest of the options.

I did not experience interference with manually defined shares, but if there is a possibility to define it as a default that applies only to usershares (maybe a template file?) that might be an option as well.






Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#678834; Package samba. (Tue, 08 Jan 2013 11:15:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to email.bug@arcor.de:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. (Tue, 08 Jan 2013 11:15:05 GMT) Full text and rfc822 format available.

Message #20 received at 678834@bugs.debian.org (full text, mbox):

From: email.bug@arcor.de
To: 678834@bugs.debian.org
Subject: permissions of shared directory
Date: Tue, 8 Jan 2013 12:12:56 +0100 (CET)
For the sake of completeness for users that are bitten by this bug and search for instructions:

The filesystem permissions of a fully publicly shared directory (i.e. ~/public) has to be drwxrwsrwx.

   chmod a+rwx ~/public
   chmod g+s ~/public

And /etc/samba/smb.conf has to contain the  line 

   inherit permissions = yes

in the [global] section.



Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 19:28:01 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.