
Mounting windows share in linux and accessing those shares through SFTP configured in Linux

senthil_kumar_1
Super Advisor


Hi All,

I would like to access a Netapp filer CIFS share (filer configured with AD) through SFTP from outside...

To achieve this, we are using a Red Hat Linux server, as it comes with SFTP configured by default, and we have mounted the Netapp CIFS share on the Linux server using the AD administrator account...

It is mounted, but all the files and directories have "root" as owner name and group name... and the permission is RWX for owner, group and others.

For example:

drwxrwxrwx 1 root root   4096 Aug  8 11:29 DCO
-rwxrwSrwx 1 root root  13824 May 15  2009 email-exclusion-list.xls
-rwxrwSrwx 1 root root 400896 Oct  2  2010 emdlagfiler1_home.xls
-rwxrwSrwx 1 root root 555520 Mar 11  2009 Feb 09 2009 Active Server List.xls
-rwxrwSrwx 1 root root  55346 Feb  6  2010 File.xls
drwxrwxrwx 1 root root   4096 Jul 15  2010 Lotus Projects
drwxrwxrwx 1 root root   4096 Sep 14  2010 Power Outage Plan

 

 

How can we have the same AD owner name, group name and other permissions?

2 REPLIES
Matti_Kurkela
Honored Contributor

Re: Mounting windows share in linux and accessing those shares through SFTP configured in Linux

Sorry, but the Linux CIFS filesystem support does not include the translation of Windows users/groups/permissions to Unix/Linux-style users/groups/permissions. For Linux users and their applications, the CIFS filesystem is presented sort of like a VFAT filesystem: since there is no POSIX-compatible user/group/permission information, the filesystem driver just puts something in as a placeholder, instead of the real native permissions.

However, you can use mount options (uid=<username>, gid=<group>, file_mode=<value>, dir_mode=<value>) to adjust the user/group names and permissions presented on Linux when accessing the CIFS filesystem. Since this presentation uses Unix-style UID and GID numbers internally, they must refer to a user/group that actually exists in the Linux system.

 

No matter what permissions you set, the actual access will still be restricted according to the permissions of the Windows user account you're using to mount the CIFS filesystem. (But if you are using an Administrator account, there obviously will be no restrictions.)

 

To present the native Windows permissions on a CIFS-mounted filesystem to Linux applications, several things would be required:

  1. The Windows user and group UUIDs would have to be mapped to Unix-style UID and GID numbers, and those numbers should map to human-readable user and group names. This could be done by adding Unix-style UID/GID information to your AD, using the tools in Microsoft "Services for Unix" package, and configuring your Linux system to use LDAP/winbind lookup modules to get the user/group name information from AD. To have access to this information, the Linux server would have to be registered as a domain member in the AD; Samba can do that.
  2. The Linux CIFS filesystem driver should be aware of this mapping information and use it in presenting the mounted filesystem. Sadly, this part is not currently implemented (as far as I know). 
  3. As an alternative to 2.), the file server could support the "Unix extension" of the CIFS protocol and provide the Unix-style UID/GID/permission information that way. Sadly, although Netapp was one of the developers of the CIFS Unix extension, it is apparently not implemented (yet?) in the OnTap soft/firmware of Netapp filers. The Linux CIFS filesystem driver already supports the Unix extension.
MK
HP-UX-OS
Occasional Contributor

Re: Mounting windows share in linux and accessing those shares through SFTP configured in Linux

Here is one example you can use for mounting a Windows share on Red Hat Linux through CIFS:

mount -t cifs //window-system/share /linux/mount-point -o uid=owner,gid=owner,username=test,password=xxxx,domain=your-domain,dir_mode=0755,file_mode=0444,noexec,nosuid

Note: uid and gid are the ones you want on the Linux side.

username and password are the ones on the Windows share side.

Modes are the permissions on the Linux side, the ones you prefer.

On the Linux side one can tighten permissions relative to those on Windows, but one cannot grant more permission than that on Windows.
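
An added example (not from either poster) of the mount described in the two replies above: it keeps the share password in a root-only credentials file instead of on the command line, and checks that the uid/gid to be presented really exist on the Linux host. The account and group names, the file paths and the 0750/0640 modes are assumed placeholders.

```shell
#!/bin/sh
# Added example: build the -o string for a CIFS mount with a presented owner.
# svc_sftp, sftpuser, sftpusers and /etc/cifs-share.cred are hypothetical names.

# Resolve a user or group name to its numeric id, failing if it is unknown.
# getent goes through NSS, so winbind/LDAP accounts are found as well.
resolve_id() {  # resolve_id passwd|group NAME
    if command -v getent >/dev/null 2>&1; then
        _entry=$(getent "$1" "$2") || return 1
    else
        _entry=$(grep "^$2:" "/etc/$1") || return 1   # local files only
    fi
    printf '%s\n' "$_entry" | cut -d: -f3
}

# Store the share credentials in a file only its owner can read, so the
# password does not appear in `ps` output, shell history or /etc/fstab.
write_credentials() {  # write_credentials FILE USER PASSWORD DOMAIN
    ( umask 077
      printf 'username=%s\npassword=%s\ndomain=%s\n' "$2" "$3" "$4" > "$1" )
    chmod 600 "$1"   # also covers a file that already existed
}

# Print the mount options; refuse an owner or group the host does not know,
# since uid=/gid= must refer to accounts that exist on the Linux system.
cifs_options() {  # cifs_options OWNER GROUP CREDFILE
    _uid=$(resolve_id passwd "$1") || { echo "no such user: $1" >&2; return 1; }
    _gid=$(resolve_id group "$2") || { echo "no such group: $2" >&2; return 1; }
    # Modes are an assumption: owner read/write, group read, others nothing.
    echo "credentials=$3,uid=$_uid,gid=$_gid,dir_mode=0750,file_mode=0640,noexec,nosuid"
}

# Usage (as root), with the share names used in the reply above:
#   write_credentials /etc/cifs-share.cred svc_sftp 'PLACEHOLDER' your-domain
#   mount -t cifs //window-system/share /linux/mount-point \
#         -o "$(cifs_options sftpuser sftpusers /etc/cifs-share.cred)"
```

Mounting with a dedicated share account instead of the AD administrator keeps the server-side limit meaningful, because the Linux-side modes can only tighten what that account is allowed to do.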