Solved

no write permission on cifs mount

Posted on 2013-06-04
7
1,287 Views
Last Modified: 2013-06-15
I am trying to cifs mount a remote samba mount: //OHPRSstorage/marks on local folder /mnt/tmp. No matter what I try, when a local user tries to create a file in /mnt/tmp he gets the message:

$ touch /mnt/tmp/wertwet
touch: cannot touch `/mnt/tmp/wertwet': Permission denied

However, it does create the file (so why does it say permission denied?) but with permissions:

$ ls -l /mnt/tmp/wertwet
-rw-r----- 1 ohprso ohprs  0 2013-06-05 00:44 wertwet

The user cannot modify the file, but if the file's group permissions are changed to rw, the user can then modify the file.

On the local host I have tried:

mount.cifs //OHPRSstorage/marks /mnt/tmp -o rw,guest,uid=ohprso,gid=ohprs,file_mode=0660,dir_mode=0771

mount.cifs //OHPRSstorage/marks /mnt/tmp -o rw,username=nobody,guest,uid=ohprso,gid=ohprs,file_mode=0660,dir_mode=0771

and numerous other permutations.

On the OHPRSstorage host, the smb.conf entries are

netbios name = OHPRSSTORAGE
   workgroup = WORKGROUP
   security = share
   hosts allow = 192.168.0. 127.
load printers = no
printcap name = /dev/null
printing = bsd
disable spoolss = yes
   log file = /var/log/samba.%m
   max log size = 50
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   dns proxy = no

[marks]
path = /mnt/hd
public = yes
guest ok = yes
guest only = yes
writeable = yes
browseable= yes
printable = no
create mask = 0660
force create mode = 0660
directory mask = 0771

Open in new window

the target directory OHPRSstorage:/mnt/hd has the following permissions:

drwxrwxrwx 2 nobody nogroup 4096 2013-06-05 00:48 hd/

I'm using Samba version 3.5.8 and mount.cifs version 5.6

I've been working on this for 2 days and am completely out of ideas. How can I get files created on the cifs mount to have 0660 permissions, not 0640?
0
Comment
Question by:jmarkfoley
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
7 Comments
 
LVL 1

Author Comment

by:jmarkfoley
ID: 39221221
Some progress. I'm beginning to assume that the default 'guest' account specified in smb.conf -- which defaults to nobody.nogroup -- is for guest/read-ony access only (although I was able to create the file despite the permission denied message). Can someone confirm?

I've changed the hosting computer's smb.conf to add the line:

guest account = ohprso

and I've added an ohprso user to the hosting computer. I then did

$ chown -R ohprso /mnt/hd       # this is the samba path

on the hosting computer.

On the local computer, I did:

mount.cifs //OHPRSstorage/marks -o rw,user=ohprso,guest,gid=ohprs,file_mode=0660 /mnt/tmp

This actually allows users to create and modify files with no permission denied mesage.  HOWEVER, it *STILL* ignores the file_mode=0660 in the mount.cifs command and the create mask = 0660 in the smb.conf, and continues to create the files with 0640!!!! The user can chmod g+w successfully, but this is not desirable. If I also specify uid=whoever it puts me back to the permission denied status.

Still need help on this. How to get 0660 permissions? Why is file_mode and create mask ignored?
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 39221252
I'm wrong. the uid for ohprso on the remote computer happened to correspond to the uid for the local user, therefore the files got created by the local user. If a different local user tried to create the file, same permission denied message. So, back to square one.

I'm beginning to think Samba doesn't really work as advertised.
0
 
LVL 32

Expert Comment

by:DrDamnit
ID: 39224603
What's the log file say?
/var/log/samba.%m
0
Don't Cry: How Liquid Web is Ensuring Security

WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.

 
LVL 7

Expert Comment

by:msifox
ID: 39224802
Try echo x > file instead of touch file.
Maybe the error message comes from the fact that the program can create the file, but cannot change the timestamp.
This won't solve your main issue, but explain one of the mysteries.
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 39225543
DrDamnit: > What's the log file say?

No entry at all.

msifox: I tried echo and was kicked out immediately with Permission denied. It did create the empty file though. I also tried emacs and likewise, it would not save the file, but did create it. In both cases 0640 permissions.

If I have the same uid on the local host as the guest account's on the samba host, it can read and write the files, but still with 0640 even though I believe 0660 is specified everywhere.

The requirement seems simple: do a samba mount that anyone can read/write w/o having to have all users listed in the remote password file.

I'm thinking of reverting to nfs!
0
 
LVL 1

Accepted Solution

by:
jmarkfoley earned 0 total points
ID: 39233287
Problem solved. As I thought, the resolution is to use NFS, not CIFS. CIFS works great for Windows mounting samba -- it even gives it the 0660/0771 permissions that I specifiy in the smb.conf file. Unix-to-Unix, however, is another story. After doing more googling I've found that numerous people have the same problem trying to cifs mount a remote unix folder on unix. None of these threads I've perused have any resolution. I finally tried NFS and it seems to work just fine. Here's my solution:

On the hosting computer: I have a md RAID filesystem mounted at /mnt/RAID. This filesystem contains several directories, one of which is 'n'.

In the hosting /etc/exports I added the entry:
/mnt/RAID    192.168.0.0/24(rw,root_squash,all_squash,anonuid=1001,anongid=301)

You can read the exports man page for details on these options, but basically, the 'squash' options cause any connecting user (including root) to re-map to the "anonymous" user's id and group. The anaonuid and anongid options specify what the anonymous user's uid and gid, respectively, will be. These ids correspond to a particular user and group on the remote connecting computers AND, most importantly, they correspond the the user and group of the 'guest' account specified in the local smb.conf. This way, whether a user is connecting from a Windows workstation using samba, or a linux host using nfs, they will all access this mount as the same user/group.

Finally, on the hosting computer, I made /etc/rc.d/rc.nfsd executable and ran:
/etc/rc.d/rc.nfsd start

On the remote, mounting host:
I added the following to /etc/fstab, where "ohprsstorage" is the hostname of the hosting computer:

ohprsstorage:/mnt/RAID/n   /mnt/n     nfs  nfsvers=3,rw   0  0

I made /etc/rc.d.rc.rpc executable and ran:

$ /etc/rc.d/rc.rpc start
$ mount /mnt/n

It all seems to be working fine. My user's umask on the remote mounting host is 0007, and files I create on the nfs mounted directory get created with 0664 (I still want 0660, but no big deal for the moment), and with the userid and groupid specified in the exports file. No 'permission denied' or 0640 permissions making it impossible for me to create or update files. I have group r/w permissions for the 10001.301 user so only linux users with group permission can access the nfs mounted files ... just like a real Unix filesystem!

I'll leave this open a bit longer for any final thought, refutations, smirks, etc.
0
 
LVL 1

Author Closing Comment

by:jmarkfoley
ID: 39249765
I figured out a solution.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question