Avatar of Brocklv6
Brocklv6 asked on

smbfs on Ubuntu issue

We have a simple web app that was written to basically automate a folder structure on a Windows file server. The application will authenticate A.D. users then prompt them to enter a project name (folder name). The script then  makes a copy of a "template" folder structure on the file server and renames it to the project name. Within the last couple days, nothing has changed in the script or the Apache server, the application will authenticate users and can create the root folder (project folder) but errors when trying to create the sub-folders. The error is a permissions error.

The Apache server mounts a share on the Windows server with smbfs.

On the windows file server the permissions are set to everyone and domain users {read/write} recursively from the share root down.

On the Apache server the permissions are set to {777} recursively from /mnt down.

This Apache server and Windows file server are LAN facing only, no firewalls to deal with.

Any input would be greatly appreciated.
Apache Web ServerPHPWeb Servers

Avatar of undefined
Last Comment
gheist

8/22/2022 - Mon
gheist

you can specify permissions on mount command line and fstab

1.1.1.1:/c$/mnt smbfs default,mode=0750,uid=root,gid=httpd
ASKER
Brocklv6

//nv-nas01/shared on /mnt/SambaProjects type cifs (rw,mand)
2014-03-14-8-39-18.png
ASKER CERTIFIED SOLUTION
gheist

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER
Brocklv6

@gheist,

when I run:
mount -o remount,uid=root,gid=apache,mode=0750  /mnt/SambaProjects

I get an error of:
bad group name "apache"
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
gheist

it should be what your webserver group is, so that it can read files.
ASKER
Brocklv6

I changed the following and it works correctly now:
uid=www-data gid=www-data

Thank you gheist for your help!
gheist

Just .01c on security:

No you should not let apache change it's content AT ALL (heard of defacements or sites spreading viruses?)
UID=anything but www-data
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
Brocklv6

I do understand. However this server does not touch the internet at all nor can client machines access anything other port 80.
gheist

Does anything on the website need to write anything ever in content directories?
I'd say no unless proven otherwise.