Operating System - Linux
1830172 Members
2782 Online
109999 Solutions
New Discussion

Samba frustration root cant mount regular user gets wrong permissions

 
SOLVED
Go to solution
Steven E. Protter
Exalted Contributor

Samba frustration root cant mount regular user gets wrong permissions

Supposedly simple situation between two boxes.

Client: Red Hat ES 3. Samba 3.0.9
Server: Fedora Core 2 Samba 3.0.10

client ip 192.168.0.40
server ip 192.168.0.20

mount line from /etc/fstab

//192.168.0.20/web /webtemp smbfs credentials=/etc/.smbpasswd 0 0
//192.168.0.20/web /webroot smbfs credentials=/etc/.rootsmbpasswd 0 0


the /etc/.smbpasswd file has two things in it
username=invest
password=password_for_user_invest

mount /webtemp

Works just fine.

One problem. All the files are owned by root. Except invest is a valid user and should own files on the server. The user id numeric is the same on both systems.

mount /webroot

[root@jerusalem /]# mount /webroot
17997: session setup failed: ERRDOS - ERRnoaccess (Access denied.)
SMB connection failed

the /etc/.rootsmbpasswd file
contains root credentials.

I'm attaching the smb.conf file. I would like a methodology to mount this filesystem in /etc/fstab and have permissions on the mount drive match those on the server.

user invest on the server
[invest@ashdod investmenttool]$ id
uid=500(invest) gid=104(web) groups=104(web)

user invest on the client
[invest@jerusalem investmenttool]$ id
uid=500(invest) gid=104(web) groups=104(web)

Bunny for a solution. I want to stop using NFS.

Get this: root user on an hp9000 can mount using hp-ux methodology and gets correct perms. I think this is because cifsclient really sits on top of nfs.client with hp-ux.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
50 REPLIES 50
Vitaly Karasik_1
Honored Contributor

Re: Samba frustration root cant mount regular user gets wrong permissions

IMO, you should use "uid" in order to "set the uid that will own all files on the mounted filesystem." - see smbmount manpage.

Rgds,
Vitaly
PS: I like your hostname!
Fred Ruffet
Honored Contributor

Re: Samba frustration root cant mount regular user gets wrong permissions

with mount options :
mount -o uid=xxx,gid=yyy # will set mount point owner to xxx:yyy
mount -o setuid=xxx,setgid=yyy # will set every file under mount point to this user:group

with smbmount options :
uid=xxx and gid=yyy # will set every file under mount point to this user:group

Regards,

Fred
--

"Reality is just a point of view." (P. K. D.)
Steven E. Protter
Exalted Contributor

Re: Samba frustration root cant mount regular user gets wrong permissions

I'll give it a try when I get a moment.

Any reason why root can't do it based on the config file?

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Steven E. Protter
Exalted Contributor

Re: Samba frustration root cant mount regular user gets wrong permissions

Are you basically saying that I have to build a different mount command for each user?

My nfs/samba share on the server shares a folder called /web

Under web are dozens of websites each owned by a different user. NFS mounts correctly reflect permissions on the server. Samba mounts do not.

This seems like a configuration error with samba on the server. Doesn't it?

????

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Steven E. Protter
Exalted Contributor

Re: Samba frustration root cant mount regular user gets wrong permissions

Tried the suggestion.

Root owns anything.

If I ssh over to the samba server permissions are correct and respected.

If I connect to the samba server with a windows client, permissions are correct and respected.

??????????????????????

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Steven E. Protter
Exalted Contributor

Re: Samba frustration root cant mount regular user gets wrong permissions

Resolved the most minor and trivial of the issues and came up with an item of note.

I added root as a valid user to the smbpasswd file on the samba server.

My old methodology which involved smbpasswd -a username password does not work for Samba 3. I had to do it on the commandline and put the password in twice.

So, now root can mount.

So I decided to conduct a little experiment.

I mounted a samba share from the client as root

I changed directories to a test directory:

cd /web/steveT

touch testfile

Naturally the file was owned by root.

chown invest:web testfile

That should work right?

No:

chown: changing the ownership of 'testfile' not permitted.

I mounted the same share three times:

Once with NFS
second /webroot with samba as root
third /webtemp with samba as invest

su - invest

cd /
touch steve232
Permission denied.

Something must be wrong with the smb.conf file. Hopefully it won't take a Kosher steak dinner to get someone to read the file and make a suggestion, but if necessary....

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Steven E. Protter
Exalted Contributor

Re: Samba frustration root cant mount regular user gets wrong permissions

Ping:

Why does the windows samba client get proper permissions but RH does not.

Will be doing some testing with a RH laptop to see if Fedora Core 3 is a better client than RH ES 3.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Fred Ruffet
Honored Contributor

Re: Samba frustration root cant mount regular user gets wrong permissions

Have you tried shangig security smb.conf parameter from user to share ?

Regards,

Fred
--

"Reality is just a point of view." (P. K. D.)
Steven E. Protter
Exalted Contributor

Re: Samba frustration root cant mount regular user gets wrong permissions

Fred,

You are a mind reader. I was thinking the same thing all weekend but did not get around to trying it.

I will do so in the next 24 hours. G-d willing.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Steven E. Protter
Exalted Contributor

Re: Samba frustration root cant mount regular user gets wrong permissions

Apparently at some point over the weekend I actually tried security = share

Restarted the daemon again this morning and tested it. Same results.

Perhaps a password server. Let the FC2 box be the password server? Looks like that option is for NT based servers.

Suggestions welcome and rewarded.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Fred Ruffet
Honored Contributor

Re: Samba frustration root cant mount regular user gets wrong permissions

Something sounds strange. Here I extract your global section from provided smb.conf :
workgroup = napro
server string = Samba DATA Server
hosts allow = 192.168.0. 127.
printcap name = /etc/printcap
load printers = yes
log file = /var/log/samba/%m.log
max log size = 50
security = user
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = no
domain master = no
preferred master = no
dns proxy = no
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = no

Questions : With this conf, who is doing authentication ? You use a workgroup. Is it a domain ? Is there a PDC ? You use "idmap uid" and "idmap uid" but do not have "idmap backend". Those points doesn't seem clear to me.

If you don't have a PDC in the domain, you should maybe use your samba server as one.

Regards,

Fred
--

"Reality is just a point of view." (P. K. D.)
Steven E. Protter
Exalted Contributor

Re: Samba frustration root cant mount regular user gets wrong permissions

What I've done up to now is let the Samba Server fend for itself.

Its in the napro workgroup so that users on that server who have id's on the Samba server can also attach to and use resources without going through a full procedure to integrate the box into the domain.

About the only feature thats not working properly is permissoins on Samba shares. The same directory is also exported under NFS, a temporary solution so that permissions are correct for my users.

I have resolved the issue of root user not being able to do the samba mount. The syntax of the setup smbpasswd command changed with Samba 3.0.x

So the only annoying thing is that when root mounts the samba share from Linux (windows and hpux works) permissions are incorrect.

How would you suggest I proceed?

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Fred Ruffet
Honored Contributor

Re: Samba frustration root cant mount regular user gets wrong permissions

And what is Samba version on HP-UX ? (or CIFS ?) Same as on linux ? Maybe the linux Samba is not able to contact domain, such as HP-UX does. May be a smb problem as well as a network conf...

Regards,

Fred


--

"Reality is just a point of view." (P. K. D.)
Steven E. Protter
Exalted Contributor

Re: Samba frustration root cant mount regular user gets wrong permissions

Linux on the server side. Samba 3.10
Linx on the Linux client side 3..0.9 latest from red hat.

HP was tested with the last 2.2 samba/cifs client because thats what was available when I wrote this thread.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Fred Ruffet
Honored Contributor

Re: Samba frustration root cant mount regular user gets wrong permissions

In fact, I have here a 2.2.1 on a linux box. Mounting server on itself results in the same error as yours. Have you tried this ? Maybe it's a problem of smbclient on linux...

Regards,

Fred
--

"Reality is just a point of view." (P. K. D.)
Steven E. Protter
Exalted Contributor

Re: Samba frustration root cant mount regular user gets wrong permissions

I think it is a linux samba client error.

I guess I may need to file a bug report. samba.org ????

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Fred Ruffet
Honored Contributor

Re: Samba frustration root cant mount regular user gets wrong permissions

In fact, it's hard to believe. I thought samba was developped on linux to access windows share, and then ported to other systems. So if it works on HP, and not on Linux sound strange to me.
If you contact samba.org, let us know of the answer...

Regards,

Fred
--

"Reality is just a point of view." (P. K. D.)
Steven E. Protter
Exalted Contributor

Re: Samba frustration root cant mount regular user gets wrong permissions

I shall keep you in the loop. It was extremely useful that you took the time to actually verify my conclusions. Thats going to get you a bunny.

I'm going to hold off a few days so people don't pass the thread by thinking its solved.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Steven E. Protter
Exalted Contributor

Re: Samba frustration root cant mount regular user gets wrong permissions

Fred,

I've logged a Samba bug.

I may ask you to submit configuration information to samba should they request it.

If time zones are compatible, I might be able to allocate some telephone time to playing with this, if you are interested.

Also, my shell account provider, speakeasy.net may have this setup working right on Debian. I'm going to ask if they use NFS or Samba and if its Samba what the config file looks like.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Steven E. Protter
Exalted Contributor

Re: Samba frustration root cant mount regular user gets wrong permissions

Red Hat has a samba fix that just got released. I'm going to download, install and re-test.

Fun fun fun!

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Fred Ruffet
Honored Contributor

Re: Samba frustration root cant mount regular user gets wrong permissions

Just tell me what info I must subscribe, and where :)

For which version is the patch available ?

Regards,

Fred
--

"Reality is just a point of view." (P. K. D.)
Steven E. Protter
Exalted Contributor

Re: Samba frustration root cant mount regular user gets wrong permissions

I need to run a test to see if this problem was built into FC3.

I was referring to an Red Hat ES 3 patch. I'll get and post the version numbers when I get to patching the box.

Right now I have an itrc post emailing my help desk. See Cheryl's issues thread for a good laugh.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Steven E. Protter
Exalted Contributor

Re: Samba frustration root cant mount regular user gets wrong permissions

The answer to Fred's question:

Samba 3.0.9-1..3E.2

You need the client, server and common at minimum.

These will require you to upgrade kerebos.

You need the krb-libs and workstation at minimum, probably a good idea to do server. For good measure, I threw in the latest pam.

I am testing:

sorry for the late points

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Steven E. Protter
Exalted Contributor

Re: Samba frustration root cant mount regular user gets wrong permissions

Patch fixes nothing.

Checking on bugzilla.

Maybe time to contact RH directly.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com