no write permission on cifs mount

Posted on 2013-06-04
Last Modified: 2013-06-15
I am trying to cifs mount a remote samba mount: //OHPRSstorage/marks on local folder /mnt/tmp. No matter what I try, when a local user tries to create a file in /mnt/tmp he gets the message:

$ touch /mnt/tmp/wertwet
touch: cannot touch `/mnt/tmp/wertwet': Permission denied

However, it does create the file (so why does it say permission denied?) but with permissions:

$ ls -l /mnt/tmp/wertwet
-rw-r----- 1 ohprso ohprs  0 2013-06-05 00:44 wertwet

The user cannot modify the file, but if the file's group permissions are changed to rw, the user can then modify the file.

On the local host I have tried:

mount.cifs //OHPRSstorage/marks /mnt/tmp -o rw,guest,uid=ohprso,gid=ohprs,file_mode=0660,dir_mode=0771

mount.cifs //OHPRSstorage/marks /mnt/tmp -o rw,username=nobody,guest,uid=ohprso,gid=ohprs,file_mode=0660,dir_mode=0771

and numerous other permutations.

On the OHPRSstorage host, the smb.conf entries are

netbios name = OHPRSSTORAGE
   workgroup = WORKGROUP
   security = share
   hosts allow = 192.168.0. 127.
load printers = no
printcap name = /dev/null
printing = bsd
disable spoolss = yes
   log file = /var/log/samba.%m
   max log size = 50
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   dns proxy = no

path = /mnt/hd
public = yes
guest ok = yes
guest only = yes
writeable = yes
browseable= yes
printable = no
create mask = 0660
force create mode = 0660
directory mask = 0771

Open in new window

the target directory OHPRSstorage:/mnt/hd has the following permissions:

drwxrwxrwx 2 nobody nogroup 4096 2013-06-05 00:48 hd/

I'm using Samba version 3.5.8 and mount.cifs version 5.6

I've been working on this for 2 days and am completely out of ideas. How can I get files created on the cifs mount to have 0660 permissions, not 0640?
Question by:jmarkfoley
  • 5

Author Comment

ID: 39221221
Some progress. I'm beginning to assume that the default 'guest' account specified in smb.conf -- which defaults to nobody.nogroup -- is for guest/read-ony access only (although I was able to create the file despite the permission denied message). Can someone confirm?

I've changed the hosting computer's smb.conf to add the line:

guest account = ohprso

and I've added an ohprso user to the hosting computer. I then did

$ chown -R ohprso /mnt/hd       # this is the samba path

on the hosting computer.

On the local computer, I did:

mount.cifs //OHPRSstorage/marks -o rw,user=ohprso,guest,gid=ohprs,file_mode=0660 /mnt/tmp

This actually allows users to create and modify files with no permission denied mesage.  HOWEVER, it *STILL* ignores the file_mode=0660 in the mount.cifs command and the create mask = 0660 in the smb.conf, and continues to create the files with 0640!!!! The user can chmod g+w successfully, but this is not desirable. If I also specify uid=whoever it puts me back to the permission denied status.

Still need help on this. How to get 0660 permissions? Why is file_mode and create mask ignored?

Author Comment

ID: 39221252
I'm wrong. the uid for ohprso on the remote computer happened to correspond to the uid for the local user, therefore the files got created by the local user. If a different local user tried to create the file, same permission denied message. So, back to square one.

I'm beginning to think Samba doesn't really work as advertised.
LVL 32

Expert Comment

ID: 39224603
What's the log file say?
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.


Expert Comment

ID: 39224802
Try echo x > file instead of touch file.
Maybe the error message comes from the fact that the program can create the file, but cannot change the timestamp.
This won't solve your main issue, but explain one of the mysteries.

Author Comment

ID: 39225543
DrDamnit: > What's the log file say?

No entry at all.

msifox: I tried echo and was kicked out immediately with Permission denied. It did create the empty file though. I also tried emacs and likewise, it would not save the file, but did create it. In both cases 0640 permissions.

If I have the same uid on the local host as the guest account's on the samba host, it can read and write the files, but still with 0640 even though I believe 0660 is specified everywhere.

The requirement seems simple: do a samba mount that anyone can read/write w/o having to have all users listed in the remote password file.

I'm thinking of reverting to nfs!

Accepted Solution

jmarkfoley earned 0 total points
ID: 39233287
Problem solved. As I thought, the resolution is to use NFS, not CIFS. CIFS works great for Windows mounting samba -- it even gives it the 0660/0771 permissions that I specifiy in the smb.conf file. Unix-to-Unix, however, is another story. After doing more googling I've found that numerous people have the same problem trying to cifs mount a remote unix folder on unix. None of these threads I've perused have any resolution. I finally tried NFS and it seems to work just fine. Here's my solution:

On the hosting computer: I have a md RAID filesystem mounted at /mnt/RAID. This filesystem contains several directories, one of which is 'n'.

In the hosting /etc/exports I added the entry:

You can read the exports man page for details on these options, but basically, the 'squash' options cause any connecting user (including root) to re-map to the "anonymous" user's id and group. The anaonuid and anongid options specify what the anonymous user's uid and gid, respectively, will be. These ids correspond to a particular user and group on the remote connecting computers AND, most importantly, they correspond the the user and group of the 'guest' account specified in the local smb.conf. This way, whether a user is connecting from a Windows workstation using samba, or a linux host using nfs, they will all access this mount as the same user/group.

Finally, on the hosting computer, I made /etc/rc.d/rc.nfsd executable and ran:
/etc/rc.d/rc.nfsd start

On the remote, mounting host:
I added the following to /etc/fstab, where "ohprsstorage" is the hostname of the hosting computer:

ohprsstorage:/mnt/RAID/n   /mnt/n     nfs  nfsvers=3,rw   0  0

I made /etc/rc.d.rc.rpc executable and ran:

$ /etc/rc.d/rc.rpc start
$ mount /mnt/n

It all seems to be working fine. My user's umask on the remote mounting host is 0007, and files I create on the nfs mounted directory get created with 0664 (I still want 0660, but no big deal for the moment), and with the userid and groupid specified in the exports file. No 'permission denied' or 0640 permissions making it impossible for me to create or update files. I have group r/w permissions for the 10001.301 user so only linux users with group permission can access the nfs mounted files ... just like a real Unix filesystem!

I'll leave this open a bit longer for any final thought, refutations, smirks, etc.

Author Closing Comment

ID: 39249765
I figured out a solution.

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I am a long time windows user and for me it is normal to have spaces in directory and file names. Changing to Linux I found myself frustrated when I moved my windows data over to my new Linux computer. The problem occurs when at the command line.…
Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now