16073 – Winbind can change Ownership Of / To A User Who has Homedir / In passwd

Bug 16073 - Winbind can change Ownership Of / To A User Who has Homedir / In passwd

Summary: Winbind can change Ownership Of / To A User Who has Homedir / In passwd

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	Winbind (show other bugs)
Version:	4.24.2
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Samba release manager
QA Contact:	Samba QA Contact

URL:	https://gitlab.com/samba-team/samba/-...
Keywords:

Duplicates (1):	16074 (view as bug list)
Depends on:
Blocks:

Reported:	2026-05-08 12:31 UTC by Björn Jacke
Modified:	2026-05-26 12:41 UTC (History)
CC List:	3 users (show)

See Also:

Attachments
backport patch for 4.24 and 4.23 and 4.22 (4.58 KB, patch) 2026-05-11 08:19 UTC, Björn Jacke	metze: review+	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Björn Jacke 2026-05-08 12:31:52 UTC

Comment 1 Björn Jacke 2026-05-08 12:38:19 UTC

bug reported by mail from Leigh Chapman:

authselect current

Profile ID: winbind
Enabled features:
- with-mkhomedir


Winbind Config:

/etc/security/pam_winbind.conf
 
[global]
 
require_membership_of=USERADGROUP
mkhomedir = yes
 
The problem:

If I do an su - nobody as user root, the ownership of the RootFs changes to user nobody:nobody

# su - nobody

This account is currently not available.

# ls -al /
total 33
dr-xr-xr-x.  18 nobody nobody  238 Apr 22 09:41 .
dr-xr-xr-x.  18 nobody nobody  238 Apr 22 09:41 ..
 

In fact, any user who has a home directoy as / in /etc/passwd 

egrep 'sssd|nscd|nobody' /etc/passwd
nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin
sssd:x:996:993:User for sssd:/:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin

Comment 2 Björn Jacke 2026-05-08 13:24:21 UTC

*** Bug 16074 has been marked as a duplicate of this bug. ***

Comment 3 Rowland Penny 2026-05-08 15:53:59 UTC

I might be missing something here, but why does a redhat distro seem to be creating users with the entire filesystem as their home directory ?

On Debian, the home directory for 'nobody' is /nonexistent .

Comment 4 Samba QA Contact 2026-05-10 23:23:19 UTC

This bug was referenced in samba master:

79caa6ef08b9b333e17bb0762e95e18e250db463

Comment 5 Björn Jacke 2026-05-11 08:19:35 UTC

Created attachment 18964 [details]
backport patch for 4.24 and 4.23 and 4.22

Comment 6 leigh.chapman 2026-05-12 07:09:00 UTC

(In reply to Björn Jacke from comment #5)
Hi,

thanks for this quick fix. Do you know if RedHat will include this in their distribution ?

Kind Regards
Leigh

Comment 7 Andreas Schneider 2026-05-12 10:49:02 UTC

Leigh, you should talk to your Red Hat support contact.

Comment 8 Samba QA Contact 2026-05-12 14:57:46 UTC

This bug was referenced in samba v4-24-test:

4b8ec478215551f5aa84d8a6f61ceea78c3ca21e

Comment 9 Samba QA Contact 2026-05-12 15:54:43 UTC

This bug was referenced in samba v4-24-stable (Release samba-4.24.2):

4b8ec478215551f5aa84d8a6f61ceea78c3ca21e

Comment 10 Samba QA Contact 2026-05-12 16:10:12 UTC

This bug was referenced in samba v4-22-test:

7e0bdc05237cdf10e5ee22aa884af8337a53607e

Comment 11 Samba QA Contact 2026-05-12 16:46:03 UTC

This bug was referenced in samba v4-23-test:

a7465333e8d54c71308835f9aadd96fcd3fbf849

Comment 12 Samba QA Contact 2026-05-26 12:36:14 UTC

This bug was referenced in samba v4-23-stable (Release samba-4.23.8):

a7465333e8d54c71308835f9aadd96fcd3fbf849

Comment 13 Samba QA Contact 2026-05-26 12:37:30 UTC

This bug was referenced in samba v4-22-stable (Release samba-4.22.10):

7e0bdc05237cdf10e5ee22aa884af8337a53607e