Link to home
Start Free TrialLog in
Avatar of Brocklv6

asked on

smbfs on Ubuntu issue

We have a simple web app that was written to basically automate a folder structure on a Windows file server. The application will authenticate A.D. users then prompt them to enter a project name (folder name). The script then  makes a copy of a "template" folder structure on the file server and renames it to the project name. Within the last couple days, nothing has changed in the script or the Apache server, the application will authenticate users and can create the root folder (project folder) but errors when trying to create the sub-folders. The error is a permissions error.

The Apache server mounts a share on the Windows server with smbfs.

On the windows file server the permissions are set to everyone and domain users {read/write} recursively from the share root down.

On the Apache server the permissions are set to {777} recursively from /mnt down.

This Apache server and Windows file server are LAN facing only, no firewalls to deal with.

Any input would be greatly appreciated.
Avatar of gheist
Flag of Belgium image

you can specify permissions on mount command line and fstab$/mnt smbfs default,mode=0750,uid=root,gid=httpd
Avatar of Brocklv6


//nv-nas01/shared on /mnt/SambaProjects type cifs (rw,mand)
Avatar of gheist
Flag of Belgium image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial

when I run:
mount -o remount,uid=root,gid=apache,mode=0750  /mnt/SambaProjects

I get an error of:
bad group name "apache"
it should be what your webserver group is, so that it can read files.
I changed the following and it works correctly now:
uid=www-data gid=www-data

Thank you gheist for your help!
Just .01c on security:

No you should not let apache change it's content AT ALL (heard of defacements or sites spreading viruses?)
UID=anything but www-data
I do understand. However this server does not touch the internet at all nor can client machines access anything other port 80.
Does anything on the website need to write anything ever in content directories?
I'd say no unless proven otherwise.