I am having trouble writing to a samba share from a linux client (a Windows client can read and write just fine). According to ls -la run from the linux client, I should have full permissions:

james@Q35-ICH9:~$ ls -la /mnt/
total 8
drwxr-xr-x  3 root  root  4096 Feb 25 09:38 .
drwxr-xr-x 24 root  root  4096 Feb 25 04:39 ..
drwxrwxrwx 61 james james    0 Feb 26 05:39 cloudshare

james@Q35-ICH9:~$ getfacl  /mnt/cloudshare/
getfacl: Removing leading '/' from absolute path names
# file: mnt/cloudshare/
# owner: james
# group: james
user::rwx
group::rwx
other::rwx

but:

james@Q35-ICH9:~$ touch  /mnt/cloudshare/test
touch: cannot touch '/mnt/cloudshare/test': Permission denied

But if I use sudo, I can touch:

james@Q35-ICH9:~$ sudo touch  /mnt/cloudshare/test

The user also has full access to the parent folder:

james@Q35-ICH9:~$ ls -la /mnt/
total 8
drwxrwxrwx  3 james james 4096 Feb 25 09:38 .
drwxr-xr-x 24 root  root  4096 Feb 25 04:39 ..
drwxrwxrwx 61 james james    0 Feb 26 07:42 cloudshare

I am confused as to why I need to be root to write to cloudshare even though 'james' should have full permissions (as far as I can see).

  • What is the output if you run grep /mnt /proc/mounts? The answer may include your IP address; feel free to hide it. But any other mount options would be important in understanding this problem. – telcoM Feb 26 '19 at 14:27
  • //10.0.0.x/cloud /mnt/cloudshare cifs rw,relatime,vers=1.0,cache=strict,username=neon,domain=,uid=0,noforceuid,gid=0,noforcegid,addr=10.0.0.x,soft,unix,posixpaths,serverino,mapposix,acl,rsize=1048576,wsize=65536,echo_interval=60,actimeo=1 0 0 – Stonecraft Feb 26 '19 at 14:29
  • Did you try removing noforceuid and changing uid=0 to uid=1000 (or whatever id -u tells you is james' user id) (and the same for group)? Also, please edit the question to put the mount output into it! –  Feb 26 '19 at 17:51
  • Where are these options? I don't see them in smb.conf. – Stonecraft Feb 26 '19 at 18:10
  • They're part of mount.cifs. Try just adding 'uid=1000,gid=1000' to the options in your fstab and re-mounting? –  Feb 26 '19 at 19:03
  • Yes, that did it! Please post it as an answer so that I can properly credit you @drewbenn. Also, I still have no idea WHY that worked, so feel free to include some explanation when you answer. – Stonecraft Feb 26 '19 at 19:30

1 Answer

Your mount options include username=neon, indicating that the connection to the share has been established using that username.

You've presented no reason to assume that the local user james would be in any way related to Samba server user neon... or to the server user james for that matter. Has such a relation been established in some other way?

The SMB protocol always carries the domain information in usernames, and if no other domain is specified, the local hostname is usually used in its place.

So, the files you see as already owned by "james" are actually probably owned by "james@10.0.0.x", which does not necessarily have anything to do with "james@Q35-ICH9".

If "james@Q35-ICH9" does not currently map to any valid user on the Samba server, but "root@Q35-ICH9" does, that might explain the problem you're having.

I also see vers=1.0 in the mount options, indicating that you're still using the deprecated and WannaCry-vulnerable SMB/CIFS 1.0 protocol. If your Samba server and Windows client are even somewhat up to date, they both should support higher protocol versions. The fact that the version number is reported here indicates that your CIFS mount module also supports higher protocol versions, but might not autonegotiate them if you are using an old Linux distribution.

Alternatively, you may have forced the protocol version to 1.0 deliberately at some point. Please review whether such forcing is still necessary, and if at all possible, please move to newer protocol versions, which will both perform better and be more secure.

telcoM
  • Thanks for the heads up about the version. I don't remember doing that deliberately, but it's possible that I did in the course of troubleshooting and then forgot. Since this is all on a local home network, I'm not really stressing about security. Regarding the connection between "james@Q35-ICH9" and the neon account, in fstab of james@Q35 I have: //10.0.0.8/cloud /mnt/cloudshare cifs rw,vers=1.0,username=neon,password=xxxxx,iocharset=utf8, 0 0

    I thought that was all I had to do. There is currently no 'james' account on 10.0.0.x (the server), just Q35.

    – Stonecraft Feb 26 '19 at 15:59
  • Also, I ran chmod -R 777 on the shared folder on the host. This allowed me to read and write from a Windows computer, but not the Linux one, which is why I am thinking the problem is on the neon client. – Stonecraft Feb 26 '19 at 16:09
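
An added example (not part of the original question, answer or comments): a shell function that checks one cifs line in /proc/mounts or fstab format for the two points raised in this thread, vers=1.0 and uid/gid values that do not match the local user. The function names, the expected id 1000 (taken from the comment's suggestion) and the second sample line are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration: audit a cifs mount line for SMB1 and uid/gid mismatch.

# Print the value of option $2 from the comma-separated list $1 (empty if absent).
opt_value() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# audit_cifs_line LINE WANT_UID WANT_GID
# Prints one finding per line; prints nothing for a clean or non-cifs line.
# Assumes numeric uid=/gid= values (mount.cifs also accepts names).
audit_cifs_line() {
    line=$1 want_uid=$2 want_gid=$3
    # Split into fields: device mountpoint fstype options dump pass
    set -f; set -- $line; set +f
    [ "$3" = "cifs" ] || return 0
    mnt=$2 opts=$4
    vers=$(opt_value "$opts" vers)
    uid=$(opt_value "$opts" uid)
    gid=$(opt_value "$opts" gid)
    case $vers in
        1.0) echo "$mnt: vers=1.0 (deprecated SMB1), retest with a newer vers= or without forcing it" ;;
    esac
    # mount.cifs uses uid 0 / gid 0 when the options are not given.
    [ "${uid:-0}" = "$want_uid" ] || echo "$mnt: uid=${uid:-0}, expected $want_uid"
    [ "${gid:-0}" = "$want_gid" ] || echo "$mnt: gid=${gid:-0}, expected $want_gid"
}

# The /proc/mounts line quoted in the comments above.
SAMPLE_MOUNTED='//10.0.0.x/cloud /mnt/cloudshare cifs rw,relatime,vers=1.0,cache=strict,username=neon,domain=,uid=0,noforceuid,gid=0,noforcegid,addr=10.0.0.x,soft,unix,posixpaths,serverino,mapposix,acl,rsize=1048576,wsize=65536,echo_interval=60,actimeo=1 0 0'

# Constructed sample: the same share with uid=1000,gid=1000 and a newer protocol version.
SAMPLE_FIXED='//10.0.0.x/cloud /mnt/cloudshare cifs rw,relatime,vers=3.0,username=neon,uid=1000,gid=1000 0 0'

echo "== as mounted in the question =="
audit_cifs_line "$SAMPLE_MOUNTED" 1000 1000
echo "== constructed corrected line =="
audit_cifs_line "$SAMPLE_FIXED" 1000 1000
```

To check a live system, feed it each line of /proc/mounts with `$(id -u)` and `$(id -g)` as the expected values.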