

no write permission on cifs mount

Posted on 2013-06-04
Medium Priority
Last Modified: 2013-06-15
I am trying to cifs mount a remote samba mount: //OHPRSstorage/marks on local folder /mnt/tmp. No matter what I try, when a local user tries to create a file in /mnt/tmp he gets the message:

$ touch /mnt/tmp/wertwet
touch: cannot touch `/mnt/tmp/wertwet': Permission denied

However, it does create the file (so why does it say permission denied?) but with permissions:

$ ls -l /mnt/tmp/wertwet
-rw-r----- 1 ohprso ohprs  0 2013-06-05 00:44 wertwet

The user cannot modify the file, but if the file's group permissions are changed to rw, the user can then modify the file.

On the local host I have tried:

mount.cifs //OHPRSstorage/marks /mnt/tmp -o rw,guest,uid=ohprso,gid=ohprs,file_mode=0660,dir_mode=0771

mount.cifs //OHPRSstorage/marks /mnt/tmp -o rw,username=nobody,guest,uid=ohprso,gid=ohprs,file_mode=0660,dir_mode=0771

and numerous other permutations.

On the OHPRSstorage host, the smb.conf entries are

netbios name = OHPRSSTORAGE
   workgroup = WORKGROUP
   security = share
   hosts allow = 192.168.0. 127.
load printers = no
printcap name = /dev/null
printing = bsd
disable spoolss = yes
   log file = /var/log/samba.%m
   max log size = 50
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   dns proxy = no

path = /mnt/hd
public = yes
guest ok = yes
guest only = yes
writeable = yes
browseable= yes
printable = no
create mask = 0660
force create mode = 0660
directory mask = 0771


the target directory OHPRSstorage:/mnt/hd has the following permissions:

drwxrwxrwx 2 nobody nogroup 4096 2013-06-05 00:48 hd/

I'm using Samba version 3.5.8 and mount.cifs version 5.6

I've been working on this for 2 days and am completely out of ideas. How can I get files created on the cifs mount to have 0660 permissions, not 0640?
Question by:jmarkfoley

Author Comment

ID: 39221221
Some progress. I'm beginning to assume that the default 'guest' account specified in smb.conf -- which defaults to nobody.nogroup -- is for guest/read-only access only (although I was able to create the file despite the permission denied message). Can someone confirm?

I've changed the hosting computer's smb.conf to add the line:

guest account = ohprso

and I've added an ohprso user to the hosting computer. I then did

$ chown -R ohprso /mnt/hd       # this is the samba path

on the hosting computer.

On the local computer, I did:

mount.cifs //OHPRSstorage/marks -o rw,user=ohprso,guest,gid=ohprs,file_mode=0660 /mnt/tmp

This actually allows users to create and modify files with no permission denied message.  HOWEVER, it *STILL* ignores the file_mode=0660 in the mount.cifs command and the create mask = 0660 in the smb.conf, and continues to create the files with 0640!!!! The user can chmod g+w successfully, but this is not desirable. If I also specify uid=whoever it puts me back to the permission denied status.

Still need help on this. How to get 0660 permissions? Why is file_mode and create mask ignored?

Author Comment

ID: 39221252
I'm wrong. The uid for ohprso on the remote computer happened to correspond to the uid for the local user, therefore the files got created by the local user. If a different local user tried to create the file, same permission denied message. So, back to square one.

I'm beginning to think Samba doesn't really work as advertised.

Expert Comment

ID: 39224603
What's the log file say?


Expert Comment

ID: 39224802
Try echo x > file instead of touch file.
Maybe the error message comes from the fact that the program can create the file, but cannot change the timestamp.
This won't solve your main issue, but explain one of the mysteries.

Author Comment

ID: 39225543
DrDamnit: > What's the log file say?

No entry at all.

msifox: I tried echo and was kicked out immediately with Permission denied. It did create the empty file though. I also tried emacs and likewise, it would not save the file, but did create it. In both cases 0640 permissions.

If I have the same uid on the local host as the guest account's on the samba host, it can read and write the files, but still with 0640 even though I believe 0660 is specified everywhere.

The requirement seems simple: do a samba mount that anyone can read/write w/o having to have all users listed in the remote password file.

I'm thinking of reverting to nfs!

Accepted Solution

jmarkfoley earned 0 total points
ID: 39233287
Problem solved. As I thought, the resolution is to use NFS, not CIFS. CIFS works great for Windows mounting samba -- it even gives it the 0660/0771 permissions that I specify in the smb.conf file. Unix-to-Unix, however, is another story. After doing more googling I've found that numerous people have the same problem trying to cifs mount a remote unix folder on unix. None of these threads I've perused have any resolution. I finally tried NFS and it seems to work just fine. Here's my solution:

On the hosting computer: I have a md RAID filesystem mounted at /mnt/RAID. This filesystem contains several directories, one of which is 'n'.

In the hosting /etc/exports I added the entry:

You can read the exports man page for details on these options, but basically, the 'squash' options cause any connecting user (including root) to re-map to the "anonymous" user's id and group. The anonuid and anongid options specify what the anonymous user's uid and gid, respectively, will be. These ids correspond to a particular user and group on the remote connecting computers AND, most importantly, they correspond to the user and group of the 'guest' account specified in the local smb.conf. This way, whether a user is connecting from a Windows workstation using samba, or a linux host using nfs, they will all access this mount as the same user/group.

Finally, on the hosting computer, I made /etc/rc.d/rc.nfsd executable and ran:
/etc/rc.d/rc.nfsd start

On the remote, mounting host:
I added the following to /etc/fstab, where "ohprsstorage" is the hostname of the hosting computer:

ohprsstorage:/mnt/RAID/n   /mnt/n     nfs  nfsvers=3,rw   0  0

I made /etc/rc.d/rc.rpc executable and ran:

$ /etc/rc.d/rc.rpc start
$ mount /mnt/n

It all seems to be working fine. My user's umask on the remote mounting host is 0007, and files I create on the nfs mounted directory get created with 0664 (I still want 0660, but no big deal for the moment), and with the userid and groupid specified in the exports file. No 'permission denied' or 0640 permissions making it impossible for me to create or update files. I have group r/w permissions for the 10001.301 user so only linux users with group permission can access the nfs mounted files ... just like a real Unix filesystem!

I'll leave this open a bit longer for any final thoughts, refutations, smirks, etc.
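
An added example, not part of the original thread: a shell check that an export's anonuid/anongid really match the uid/gid of the Samba guest account, which is the property the answer above relies on. The exports line, passwd lines and smb.conf text are constructed samples (the thread's own exports entry is not on the page), and all_squash is assumed to be among the 'squash' options meant; 10001/301, ohprso and /mnt/RAID/n are taken from the thread.

```shell
#!/bin/sh
# Constructed sample data; on a real host read /etc/exports, /etc/passwd, smb.conf.
EXPORTS_LINE='/mnt/RAID/n 192.168.0.0/24(rw,all_squash,anonuid=10001,anongid=301)'
PASSWD_DATA='nobody:x:99:99:nobody:/:/bin/false
ohprso:x:10001:301:samba guest:/home/ohprso:/bin/false'
SMB_CONF='[global]
   guest account = ohprso'

# Print the comma-separated option list found inside the parentheses.
export_opts() {
    printf '%s\n' "$1" | sed -n 's/.*(\(.*\)).*/\1/p'
}

# Print the value of a key=value export option (empty if absent).
export_opt() {
    export_opts "$1" | tr ',' '\n' | sed -n "s/^$2=//p"
}

# Succeed if a bare flag such as all_squash is present.
export_has() {
    export_opts "$1" | tr ',' '\n' | grep -qx "$2"
}

# Print the guest account named in smb.conf text.
smb_guest() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*guest account[[:space:]]*=[[:space:]]*//p'
}

# Print uid:gid for a user from passwd-format text.
passwd_ids() {
    printf '%s\n' "$2" | awk -F: -v u="$1" '$1 == u { print $3 ":" $4 }'
}

# Compare the NFS anonymous ids with the Samba guest account's ids.
check_mapping() {
    line=$1 passwd=$2 smb=$3
    export_has "$line" all_squash || { echo "no-all_squash"; return 1; }
    anon="$(export_opt "$line" anonuid):$(export_opt "$line" anongid)"
    guest=$(passwd_ids "$(smb_guest "$smb")" "$passwd")
    if [ "$anon" = "$guest" ]; then echo "match $anon"; else
        echo "mismatch nfs=$anon samba=$guest"; return 1
    fi
}

check_mapping "$EXPORTS_LINE" "$PASSWD_DATA" "$SMB_CONF"
```

A mismatch means NFS clients and Samba guests write as different owners, so files created over one protocol may not be group-writable over the other.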

Author Closing Comment

ID: 39249765
I figured out a solution.
