no write permission on cifs mount

Posted on 2013-06-04
Last Modified: 2013-06-15
I am trying to cifs mount a remote samba mount: //OHPRSstorage/marks on local folder /mnt/tmp. No matter what I try, when a local user tries to create a file in /mnt/tmp he gets the message:

$ touch /mnt/tmp/wertwet
touch: cannot touch `/mnt/tmp/wertwet': Permission denied

However, it does create the file (so why does it say permission denied?) but with permissions:

$ ls -l /mnt/tmp/wertwet
-rw-r----- 1 ohprso ohprs  0 2013-06-05 00:44 wertwet

The user cannot modify the file, but if the file's group permissions are changed to rw, the user can then modify the file.

On the local host I have tried:

mount.cifs //OHPRSstorage/marks /mnt/tmp -o rw,guest,uid=ohprso,gid=ohprs,file_mode=0660,dir_mode=0771

mount.cifs //OHPRSstorage/marks /mnt/tmp -o rw,username=nobody,guest,uid=ohprso,gid=ohprs,file_mode=0660,dir_mode=0771

and numerous other permutations.

On the OHPRSstorage host, the smb.conf entries are

netbios name = OHPRSSTORAGE
   workgroup = WORKGROUP
   security = share
   hosts allow = 192.168.0. 127.
load printers = no
printcap name = /dev/null
printing = bsd
disable spoolss = yes
   log file = /var/log/samba.%m
   max log size = 50
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   dns proxy = no

path = /mnt/hd
public = yes
guest ok = yes
guest only = yes
writeable = yes
browseable= yes
printable = no
create mask = 0660
force create mode = 0660
directory mask = 0771


the target directory OHPRSstorage:/mnt/hd has the following permissions:

drwxrwxrwx 2 nobody nogroup 4096 2013-06-05 00:48 hd/

I'm using Samba version 3.5.8 and mount.cifs version 5.6

I've been working on this for 2 days and am completely out of ideas. How can I get files created on the cifs mount to have 0660 permissions, not 0640?
Question by:jmarkfoley

Author Comment

ID: 39221221
Some progress. I'm beginning to assume that the default 'guest' account specified in smb.conf -- which defaults to nobody.nogroup -- is for guest/read-only access only (although I was able to create the file despite the permission denied message). Can someone confirm?

I've changed the hosting computer's smb.conf to add the line:

guest account = ohprso

and I've added an ohprso user to the hosting computer. I then did

$ chown -R ohprso /mnt/hd       # this is the samba path

on the hosting computer.

On the local computer, I did:

mount.cifs //OHPRSstorage/marks -o rw,user=ohprso,guest,gid=ohprs,file_mode=0660 /mnt/tmp

This actually allows users to create and modify files with no permission denied message.  HOWEVER, it *STILL* ignores the file_mode=0660 in the mount.cifs command and the create mask = 0660 in the smb.conf, and continues to create the files with 0640!!!! The user can chmod g+w successfully, but this is not desirable. If I also specify uid=whoever it puts me back to the permission denied status.

Still need help on this. How to get 0660 permissions? Why is file_mode and create mask ignored?

Author Comment

ID: 39221252
I'm wrong. The uid for ohprso on the remote computer happened to correspond to the uid for the local user, therefore the files got created by the local user. If a different local user tried to create the file, same permission denied message. So, back to square one.

I'm beginning to think Samba doesn't really work as advertised.

Expert Comment

ID: 39224603
What's the log file say?

Expert Comment

ID: 39224802
Try echo x > file instead of touch file.
Maybe the error message comes from the fact that the program can create the file, but cannot change the timestamp.
This won't solve your main issue, but explain one of the mysteries.

Author Comment

ID: 39225543
DrDamnit: > What's the log file say?

No entry at all.

msifox: I tried echo and was kicked out immediately with Permission denied. It did create the empty file though. I also tried emacs and likewise, it would not save the file, but did create it. In both cases 0640 permissions.

If I have the same uid on the local host as the guest account's on the samba host, it can read and write the files, but still with 0640 even though I believe 0660 is specified everywhere.

The requirement seems simple: do a samba mount that anyone can read/write w/o having to have all users listed in the remote password file.

I'm thinking of reverting to nfs!

Accepted Solution

jmarkfoley earned 0 total points
ID: 39233287
Problem solved. As I thought, the resolution is to use NFS, not CIFS. CIFS works great for Windows mounting samba -- it even gives it the 0660/0771 permissions that I specify in the smb.conf file. Unix-to-Unix, however, is another story. After doing more googling I've found that numerous people have the same problem trying to cifs mount a remote unix folder on unix. None of these threads I've perused have any resolution. I finally tried NFS and it seems to work just fine. Here's my solution:

On the hosting computer: I have a md RAID filesystem mounted at /mnt/RAID. This filesystem contains several directories, one of which is 'n'.

In the hosting /etc/exports I added the entry:

You can read the exports man page for details on these options, but basically, the 'squash' options cause any connecting user (including root) to re-map to the "anonymous" user's id and group. The anonuid and anongid options specify what the anonymous user's uid and gid, respectively, will be. These ids correspond to a particular user and group on the remote connecting computers AND, most importantly, they correspond to the user and group of the 'guest' account specified in the local smb.conf. This way, whether a user is connecting from a Windows workstation using samba, or a linux host using nfs, they will all access this mount as the same user/group.

Finally, on the hosting computer, I made /etc/rc.d/rc.nfsd executable and ran:
/etc/rc.d/rc.nfsd start

On the remote, mounting host:
I added the following to /etc/fstab, where "ohprsstorage" is the hostname of the hosting computer:

ohprsstorage:/mnt/RAID/n   /mnt/n     nfs  nfsvers=3,rw   0  0

I made /etc/rc.d/rc.rpc executable and ran:

$ /etc/rc.d/rc.rpc start
$ mount /mnt/n

It all seems to be working fine. My user's umask on the remote mounting host is 0007, and files I create on the nfs mounted directory get created with 0664 (I still want 0660, but no big deal for the moment), and with the userid and groupid specified in the exports file. No 'permission denied' or 0640 permissions making it impossible for me to create or update files. I have group r/w permissions for the 10001.301 user so only linux users with group permission can access the nfs mounted files ... just like a real Unix filesystem!

I'll leave this open a bit longer for any final thought, refutations, smirks, etc.
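
A consistency check for the setup described in the accepted solution, as an added example that is not part of the original post: it confirms that an export squashes every client to the uid/gid of Samba's guest account. The export line, the all_squash option, the 192.168.0.0/24 client range and the passwd entry are constructed assumptions; the post's own exports entry does not appear on the page.

```shell
#!/bin/sh
# Added example; every file written by write_sample is constructed sample data.

# Print smb.conf's "guest account" value (Samba's default is nobody).
guest_account() {
    acct=$(sed -n 's/^[[:space:]]*guest account[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1)
    echo "${acct:-nobody}"
}

# Print the value of option $3 (e.g. anonuid) on the export line for path $2.
export_opt() {
    awk -v p="$2" '$1 == p' "$1" | tr '(),' '\n\n\n' | sed -n "s/^$3=//p" | head -n 1
}

# check_squash_ids EXPORTS PATH PASSWD SMBCONF
# Prints "match" when the export squashes all clients to the guest account's ids.
check_squash_ids() {
    acct=$(guest_account "$4")
    want=$(awk -F: -v u="$acct" '$1 == u { print $3 ":" $4 }' "$3")
    have="$(export_opt "$1" "$2" anonuid):$(export_opt "$1" "$2" anongid)"
    if ! awk -v p="$2" '$1 == p' "$1" | grep -Eq '[(,]all_squash[,)]'; then
        echo "no all_squash on $2"      # clients would keep their own uids
    elif [ "$want" = "$have" ]; then
        echo "match"
    else
        echo "mismatch: guest $acct is ${want:-unknown}, export maps to $have"
    fi
}

# Constructed inputs: uid 10001 / gid 301 and the path come from the post,
# the rest (client range, passwd line, smb.conf fragment) is assumed.
write_sample() {
    printf '%s\n' '/mnt/RAID/n 192.168.0.0/24(rw,all_squash,anonuid=10001,anongid=301)' > "$1/exports"
    printf '%s\n' 'ohprso:x:10001:301::/home/ohprso:/bin/sh' > "$1/passwd"
    printf '%s\n' '[global]' '   guest account = ohprso' > "$1/smb.conf"
}

d=$(mktemp -d)
write_sample "$d"
check_squash_ids "$d/exports" /mnt/RAID/n "$d/passwd" "$d/smb.conf"
rm -rf "$d"
```

Because a squashed export hands the same identity to every host the export line admits, the client range on that line is the only access control left and is worth reviewing alongside the id check.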

Author Closing Comment

ID: 39249765
I figured out a solution.

Question has a verified solution.