HPE Community
Operating System - HP-UX
1819856 Members
2522 Online
109607 Solutions
New Discussion юеВ

cifsmount only available to root user

 
SOLVED
Go to solution
Keith Robillard
Occasional Contributor

тАО05-27-2011 12:00 PM

тАО05-27-2011 12:00 PM

cifsmount only available to root user

I have an 11.31 build with these products installed:

[root@server:/root] # uname -a
HP-UX dhbdadb1 B.11.31 U ia64 0731591512 unlimited-user license

[root@server:/root] # swlist -l product|grep -i cifs
CIFS-CFSM A.02.03.04 HP CIFS File System Module
CIFS-Client A.02.02.02 HP CIFS Client
CIFS-Development A.02.03.04 HP CIFS Server Source Code Files
CIFS-Server A.02.03.04 HP CIFS Server (Samba) File and Print Services

I have a cifsmount /test from a windows server. Root is able to access the filesystem normally with no restrictions, while other users can not.


[root@server:/root] # bdf /test
Filesystem kbytes used avail %used Mounted on
windowserver.company.com:/share
1610604540 1226209852 384394688 76% /test

[root@server:/root] # cifslist
Mounted Object Mountpoint State
-------------------------------------------------------------------------------
\\windowserver.company.com\share /test MS
===============================================================================
Server Local User Remote User Domain State
-------------------------------------------------------------------------------
windowserver.company.com root phbpadb1_user LS

[root@server:/root] # cd /test

See how everything is wide open. Root has full access to everything.

[root@server:/test] # ls -al
total 3124
drwxrwxrwx 2 root sys 131072 May 27 15:03 .
drwxrwxrwx 23 root root 8192 May 26 16:25 ..
drwxrwxrwx 2 root sys 131072 Apr 13 10:21 MDT
-rwxrwxrwx 1 root sys 47620 May 20 06:37 Materials.xlsx
-rwxrwxrwx 1 root sys 1537024 Mar 8 13:40 Center Feed.xls

But as a regular user, I can see the bdf of /test but that's it. I can't even get a listing of the mount point permissions.

$ id
uid=129(test) gid=20(users)
$ bdf /test
Filesystem kbytes used avail %used Mounted on
windowserver.company.com:/share
1610604540 1226209852 384394688 76% /test
$ cd /test
sh: /test: Permission denied.
$ ls -al /test
/test not found
$ cd /
$ ls -al
./test not found
total 16308
drwxrwxrwx 23 root root 8192 May 26 16:25 .
drwxrwxrwx 23 root root 8192 May 26 16:25 ..
drwxr-xr-x 5 root sys 96 Jun 21 2010 .sw
drwx------ 2 root sys 96 Apr 20 2010 SD_CDROM
lr-xr-xr-x 1 bin bin 8 Apr 19 2010 bin -> /usr/bin
-rw-r--r-- 1 root root 2013 Jun 15 2010 chmods.txt
-rw------- 1 root root 8232240 Jan 19 01:18 core
dr-xr-xr-x 23 bin bin 8192 Apr 12 12:13 dev
-rw-r--r-- 1 root sys 578 Jan 19 00:57 diskaldata
dr-xr-xr-x 37 bin bin 8192 May 27 14:13 etc
drwxr-xr-x 28 root root 1024 Apr 11 04:58 home
drwxr-xr-x 2 root sys 96 May 4 2010 iuxcdrom0
lr-xr-xr-x 1 bin bin 8 Apr 19 2010 lib -> /usr/lib
drwxr-xr-x 2 root root 96 Apr 19 2010 lost+found
dr-xr-xr-x 1 root root 1 Apr 12 12:13 net
dr-xr-xr-x 95 bin bin 8192 May 12 2010 opt
drwxrwxrwx 8 orabda dba 1024 Apr 26 2010 oracle
drwx------ 7 root sys 8192 May 27 14:58 root
drwxrwxrwx 4 root sys 96 Apr 22 2010 sapmnt
dr-xr-xr-x 17 bin bin 8192 Apr 20 2010 sbin
dr-xr-xr-x 9 bin bin 8192 Apr 12 12:13 stand
drwxr-xr-x 2 root sys 96 Jan 10 09:41 temp
drwxr-xr-x 2 root sys 96 May 26 16:25 test1
drwxr-xr-x 2 root sys 96 Mar 17 13:51 test2
drwxrwxrwt 74 root root 16384 May 27 15:02 tmp
dr-xr-xr-x 26 bin bin 8192 Apr 25 15:59 usr
dr-xr-xr-x 31 bin bin 8192 May 3 2010 var
$




How do I add test user the ability to see the contents?
0 Kudos
Reply
3 REPLIES 3
Matti_Kurkela
Honored Contributor

тАО05-28-2011 08:41 AM

тАО05-28-2011 08:41 AM

Solution

Re: cifsmount only available to root user

If you mounted windowserver.company.com:/share to /test as root using "cifsmount -U phbpadb1_user", it also implicitly executed a cifslogin command for root.

This established a mapping: "when root wants to do something with /test, send the request to windowserver.company.com:/share using the credentials of Windows user phbpadb1_user."

But your regular user has not executed a cifslogin, so there is no mapping between of his/her Unix identity and any Windows identity at all. Your regular user is a non-person for Windows.

In terms of HP CIFS Client, a Unix user that has not executed "cifslogin" (either implicitly or explicitly) is called a "guest". (Note: this is *not* related to "guest account" or "guest access" settings on the Windows side.)

If you want guest users to be able to access the Windows shares, you must configure two parameters in your CIFS Client configuration file /etc/opt/cifsclient/cifsclient.cfg. These parameters are "guestRemoteUser" and "guestPassword". These will be the Windows username and password used when a guest attempts to access the mounted Windows share(s). For more information, see chapter 7 of the CIFS Client Administrator's Guide.

Alternatively, you could use "cifslogin -s" or "cifsdb" commands to store a permanent Windows password record and a (Unix user -> Windows user) mapping for your regular user.

MK
MK
Reply
Keith Robillard
Occasional Contributor

тАО06-01-2011 05:40 AM

тАО06-01-2011 05:40 AM

Re: cifsmount only available to root user

this works perfectly. thank you.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО06-01-2011 05:52 AM

тАО06-01-2011 05:52 AM

Re: cifsmount only available to root user

Shalom,

You can use sudo to give certain commands such as mount or cifsmount to any user you want.

You could also merely change permissions on the directory involved.

You really though need to do a net join to the Windows domain and let the Windows Domain controller take care of user permissions.

This will require a user with administrative powers on the windows domain controller.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.