windows share mounted on linux, can't edit or delete existing files


I've mounted a share from my Windows Server on a linux (RHEL) server and I can access all files, I can create/edit/delete new files.
But I can't modify or delete existing files. I can open and read them though.
Even as root I can't do these things.

'ls -al' shows the rights on the file as follows: -rwxrwxrwx. (including the . at the end).

I've mounted the share as follows:
 mount -t cifs // /home/shareddocs -o rw,user=username,password="userpassword",uid=username,gid="domain users",vers=2.1,user_xattr,dir_mode=0777,file_mode=0777

Does anybody have any idea how to solve this? I suspect this might have something to do with selinux?
BelgianITGuy, IT Manager, Asked:

Daniel McAllister, President, IT4SOHO, LLC, Commented:
It appears that the user for which you authenticated to the CIFS share does not have the permissions you seek.
I'd be curious to see the output of "getfacl <path to file>" (the dot on the end is likely the acl for the file -- that's an Access Control List -- that overrides the "standard" *nix permissions (except for owner permissions)).
Also, you don't report the UID/GID shown on the output of the ls -l command -- do they show the CIFS user or some local user (or root)?
Daniel McAllister, President, IT4SOHO, LLC, Commented:
As with all shared files/folders, you must have DUAL permissions that allow you to do whatever:
 - You must have the appropriate SHARE permissions (that is, the file/folder that is being shared must have given YOU (the accessing user) the permissions you seek -- in the SHARE part of the permissions)
 - You must ALSO have the appropriate FILE permissions

I hope this helps...
BelgianITGuy, IT Manager, Author, Commented:
Hi Daniel,

thanks for the comments.
When I did a getfacl of the file, I got #group: domain\040users, which looked weird, so I changed my mount command to gid="e-team" instead of gid="domain users", thinking the space caused problems, but this didn't solve it:

If I do a ls -al on that file I get:
-rwxrwxrwx. 1 bob e-team  17 Sep26 16:38 testfile.txt
(bob is the cifs user, e-team is the cifs group used to mount the share)

getfacl testfile.txt shows:
# file: testfile.txt
# owner: bob
# group: e-team

I am logged in as user1@domain.
If I do a groups user1@domain I get:
user1@domain : domain users e-team it BUILTIN+users

So I am a member of e-team, and group permissions are rwx. I don't get why I only have read rights on the file, no write, no delete.
I can do a cat testfile.txt, and open it in vi, but can't save it.

Could this be a problem with selinux?  I have very little experience/knowledge about it, but I remember having a problem with it in the past where files shared by samba were not visible to the users. But that was mounting a folder shared by samba on linux server 1 to linux server 2. No MS Windows Server was involved in that case.

command getsebool -a |grep samba shows:
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_load_libgfapi --> off
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
tmpreaper_use_samba --> off
use_samba_home_dirs --> off
virt_use_samba --> off

command getsebool -a |grep smb shows:
smbd_anon_write --> off

Is one of these settings the culprit?

BelgianITGuy, IT Manager, Author, Commented:
Maybe it doesn't have anything to do with selinux:
I changed the mode to permissive, rebooted the server, remounted the share: still the same problem.

Extra info:
Even user bob (who owns the files, since the share is mounted as user bob) doesn't have write access to the file when I ssh into the server as bob.

If I do a ls -al on that file I get:
-rwxrwxrwx. 1 bob e-team  17 Sep26 16:38 testfile.txt
(bob is the cifs user, e-team is the cifs group used to mount the share)

getfacl testfile.txt shows:
# file: testfile.txt
# owner: bob
# group: e-team
BelgianITGuy, IT Manager, Author, Commented:
Finally solved it. Apparently the user used to mount the windows share was not a member of the group used.
Must have been an oversight when creating this user a couple of years ago.

Daniel McAllister, President, IT4SOHO, LLC, Commented:
I'm glad you found the issue. Permissions in share situations are seldom as straightforward as people think.
BelgianITGuy, IT Manager, Author, Commented:
Through trial & error I found out that the windows user was not a member of the correct group.
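
The thread ended with the account used for the mount not being a member of the expected group, something the `-rwxrwxrwx` listing on the Linux side could not show. The following is an added example, not part of the original thread: it reads a `/proc/mounts` line and separates the account the server evaluates from the owner and mode the client only displays. The sample line, its server name, address and numeric ids are constructed placeholders.

```shell
#!/bin/sh
# Added example. SAMPLE_MOUNT is a constructed /proc/mounts line; the server,
# share, address and numeric uid/gid are placeholders, not values from the thread.
SAMPLE_MOUNT='//fileserver.example/share /home/shareddocs cifs rw,relatime,vers=2.1,username=bob,uid=1001,forceuid,gid=1002,forcegid,addr=192.0.2.10,file_mode=0777,dir_mode=0777 0 0'

# mount_opt LINE KEY -> value of KEY= in the options field (4th field), empty if absent
mount_opt() {
    printf '%s\n' "$1" | awk -v key="$2" '{
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++)
            if (index(opts[i], key "=") == 1) { print substr(opts[i], length(key) + 2); exit }
    }'
}

# has_flag LINE FLAG -> exit status 0 if the bare option FLAG is present
has_flag() {
    printf '%s\n' "$1" | awk -v flag="$2" '{
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++) if (opts[i] == flag) found = 1
    } END { exit found ? 0 : 1 }'
}

# explain_mount LINE -> report server-side identity versus client-side display
explain_mount() {
    line=$1
    fstype=$(printf '%s\n' "$line" | awk '{print $3}')
    [ "$fstype" = cifs ] || { echo "not a cifs mount"; return 1; }
    # The server authorizes every request as this account, whoever is logged in locally.
    echo "server checks access as: $(mount_opt "$line" username)"
    # uid=, gid=, file_mode= only set what ls shows on the client.
    echo "client displays uid=$(mount_opt "$line" uid) gid=$(mount_opt "$line" gid) mode=$(mount_opt "$line" file_mode)"
    if has_flag "$line" noperm; then
        echo "client-side permission check: disabled (noperm)"
    else
        echo "client-side permission check: enabled, in addition to the server's"
    fi
}

# can_write_existing FILE -> try to open FILE for append without changing its content
can_write_existing() {
    [ -f "$1" ] && ( : >> "$1" ) 2>/dev/null
}

explain_mount "$SAMPLE_MOUNT"
```

On a real system, pass it a line from `grep cifs /proc/mounts` and run `can_write_existing` against an existing file; if the displayed mode allows the write and the open still fails, the refusal comes from the share or file permissions of the mounting account on the server.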