0

Please see my screenshot below.


User chj executes chmod +x ichsize.out, but fails with Operation not permitted.

ichsize.out has world-rw permission enabled, but it looks not enough.

-rw-rw-rw-  1 nobody nogroup 27272 May 26 18:51 ichsize.out

The owner of ichsize.out is nobody, because that file is created by the Samba server, serving a [projects] directory location like this:

[projects]
        comment = VS2019 Linux-dev project output
        path = /home/chj2/projects
        browseable = yes
        read only = no
        guest ok = yes

        create mask = 0666    #(everybody: read+write)
        directory mask = 0777 #(everybody: list+modify+traverse)
        hide dot files = no

The Samba client accessed this share with guest identity, and requested creating the ichsize.out file.

The system is Raspberry Pi based on Debian version: 11 (bullseye). Ubuntu 20.04 exhibits the same.

So I'd like to know, how can I write my smb.conf so that any user on the RasPi can do chmod +x on that file.

6
  • 2
    Next time, please do not post pictures of text. It makes it hard (or impossible) to read. Commented May 26, 2022 at 11:30
  • [Genuine] Posting screenshot means I'm presenting a problem from real-world, not something from my memory. A memory can go wrong, we know. [Accuracy] A screenshot represents a piece of atomic and untampered info from my screen, eliminating many possibilities of text lost, which may arise from copy/paste typo or website/browser transfer/display bug. [Context] A screenshot may provide implicit, subtle, or even important context that pure text cannot carry. Commented May 26, 2022 at 14:10
  • 2
    You could copy paste the text into a code snippet, that would look better Commented May 26, 2022 at 14:24
  • 1
    Note you can post a picture and text. The advantages you think a picture has will not disappear if you post text. Commented May 26, 2022 at 14:43
  • I've completely ignored your picture in creating my answer. It added no value for me because it was a picture. Commented May 26, 2022 at 15:02

2 Answers

5

If you don't need to worry about the user that owns the files in this share you can use the force user configuration setting to allow Samba users to run commands such as chmod. This will mean that all files will appear to be owned by the account connecting to the share (i.e. if Alice and Bob both connect to the share, Alice will see that she owns all the files, and Bob will also see that he owns all the files), but as a result anyone can run chmod.

Example, assuming that shareuser is a valid user account on your Samba server, that sharegroup contains the set of users permitted to access this Share, and that /home/_share exists and is owned by shareuser with permissions of at least 0700:

[Share]
    comment = Everyone owns these files
    path = /home/_share
    browseable = yes
    read only = no
    guest ok = no
    force user = shareuser
    valid users = "@sharegroup"
    ; vfs objects = acl_xattr recycle catia

Or one that I haven't tested, which allows for guest users:

[Share]
    comment = Everyone owns these files
    path = /home/_share
    browseable = yes
    read only = no
    guest ok = yes
    force user = shareuser

In a domain joined context, it's even possible to have Samba act on files with true Windows ACLs and ownerships. For example, in the Windows world it's possible for a group to own files and have permissions to change access rights, etc. Seeing as you have guest ok = yes in your context I suspect this isn't relevant, but I'm mentioning it for potential future readers.

On the other hand, if you really do mean, "how can I write my smb.conf so that any user on the RasPi can do chmod +x on that file" [my italics for emphasis] then you should know that the smb.conf configuration file is irrelevant for users on the Pi itself. Local UNIX/Linux controls apply to users on the Pi and thus you cannot run chmod on files that you don't own.

1
  • Thank you. force user = chj2 solves my real-world problem, because I can control that chmod +x is issued via an SSH login session from chj2. Commented May 26, 2022 at 13:36
3

so that any user on the RasPi can do chmod +x on that file.

You can't. Not with the regular unixy permission bits anyway, but see @roaima's answer too.

From the Linux chmod() system call man page:

The effective UID of the calling process must match the owner of the file, or the process must be privileged

Failing that, it gives the error code EPERM, corresponding to the message "Operation not permitted".

If you're on a Linux desktop distribution, you probably have the GNU toolset. The GNU man page for the chmod command line tool doesn't seem to mention the required permissions, but it is mentioned on the info page.

6
  • 1
    This is a GNU program, so the man page isn’t the reference documentation; the chmod info page mentions that “Only a process whose effective user ID matches the user ID of the file, or a process with appropriate privileges, is permitted to change the file mode bits of a file.” Commented May 26, 2022 at 12:55
  • @StephenKitt, well yeah, though one could wonder if the required permissions are an obscure enough issue to hide in the reference documentation... At the same time, the man page does contain such all-useful tidbits as the note that "For regular files on some older systems, the [+t] bit saves the program's text image on the swap device so it will load more quickly when run; this is called the sticky bit." Commented May 26, 2022 at 13:03
  • This isn't strictly and necessarily true for a file on a Samba share. With Windows ACL emulation, a group can have ownership and therefore rights to change metadata such as permissions Commented May 26, 2022 at 13:10
  • 1
    @ilkkachu Samba tries very hard to look like a Windows server system. Mostly it handles this exceedingly well. What gets, uh, complicated is when you have users on your UNIX/Linux system accessing/modifying local files that are also available through a Samba network share. UNIX/Linux permission bits apply to local users but Samba-ised Windows ACLs can apply to the remote users. At this point you have to take a pragmatic approach that can involve breaking the expectation of Windows permissions for your remote users Commented May 26, 2022 at 13:39
  • 1
    @ilkkachu I agree, the information included in GNU man pages compared to their info pages does tend to be … somewhat random. (That’s often also true of non-GNU man pages, but there isn’t an info page to compare to!) Commented May 26, 2022 at 13:49
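
The two answers above (the force user setting and the chmod ownership rule) combined into one check, as an added example that is not part of either answer or of Samba: it reads smb.conf text, works out which UNIX account owns files a guest client creates in each share, and reports whether a given local user could chmod them. The function names and the [projects-forced] share are hypothetical, the sample configuration is constructed from the settings quoted on this page, and "privileged" is simplified to the root account.

```python
# Constructed sample: the question's guest share next to a "force user" variant.
SAMPLE = """
[global]
    guest account = nobody
[projects]
    guest ok = yes
    create mask = 0666
[projects-forced]
    guest ok = yes
    force user = chj2
    create mask = 0666
"""

def parse_smb_conf(text):
    """Minimal reader: [section] headers, key = value, whole-line # or ; comments."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return shares

def guest_file_owner(shares, name):
    """UNIX account owning files a guest client creates in share `name`."""
    if "force user" in shares[name]:
        return shares[name]["force user"]
    return shares.get("global", {}).get("guest account", "nobody")

def can_chmod(local_user, file_owner):
    """chmod(2) rule: caller owns the file or is privileged (modelled as root)."""
    return local_user in ("root", file_owner)

def audit(text, local_user):
    """Map each guest-enabled share to (owner, local_user can chmod, o+w allowed)."""
    shares, result = parse_smb_conf(text), {}
    for name, share in shares.items():
        if name == "global" or share.get("guest ok", "no").lower() != "yes":
            continue
        owner = guest_file_owner(shares, name)
        world_write = bool(int(share.get("create mask", "0744"), 8) & 0o002)
        result[name] = (owner, can_chmod(local_user, owner), world_write)
    return result

if __name__ == "__main__":
    print(audit(SAMPLE, "chj2"))
```

The third field flags shares whose create mask leaves the world-write bit available, which is the case for both variants here: world-writable mode bits do not grant the right to chmod, only ownership or privilege does.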
