On Mon, March 17, 2008 11:48 am, John Andersen wrote:

On Sun, Mar 16, 2008 at 6:27 AM, Alexander Winizki wrote:

...

Hi, I hav a PC with OpenSuse 10.3. In my network there is another box named "dreambox" which is running a Samba server. I want to open a file on this machine with a Java program running on my PC. I mount the shared folder by issuing the following command as root:

mount -t cifs -o user=root -o rw //dreambox/harddisk /mnt/dreambox

Then I can list the contents of the mounted folder. The file I want to open is listed as follows:

-r-xr-xr-x 1 root root 2147483580 31. Dez 11:45 movie.ts

Then if I try to copy it to the local disk, I get an error message:

#cp movie.ts /home cp: movie.ts cannot be opened for reading: No permission

But according to ls everyone has a reading permission!

It sucks that you have to allow mounting anything thru samba as root! Its just wrong on so many levels. Worse, your guest account = root! Yikes. [...]

Yes, this is very bad practice. There is a problem with the way your shares are defined. The Samba server does not necessarily use the file system permissions on the server - it maps shares with a different set of permissions that can be defined on a global or share-by-share basis. You definitely should not have the file (or the share) owned by root. What level of security do you have set for Samba? -- Rodney Baker VK5ZTV rodney.baker@iinet.net.au -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

On Tue, 18 Mar 2008 01:10:33 Alexander Winizki wrote:

...

On Mon, March 17, 2008 11:48 am, John Andersen wrote:

...

On Sun, Mar 16, 2008 at 6:27 AM, Alexander Winizki

wrote:

...

Hi, I hav a PC with OpenSuse 10.3. In my network there is another box named "dreambox" which is running a Samba server. I want to open a file on this machine with a Java program running on my PC. I mount the shared folder by issuing the following command as root:

mount -t cifs -o user=root -o rw //dreambox/harddisk /mnt/dreambox [...snip...] Since I can read the files from Windows or KDE or smbclient, this proves

Rodney Baker schrieb: that the server is willing to grant me read access. I see the problem with the cifs vfs module. Or does the CIFS VFS module claim to adhere - as opposed to Windows, KDE or smbclient - to some kind of specification that requires it to deny read access in my situation?

I think it probably has to do with the cifs mount command. There is an alternative method that I found I needed to use to mount cifs volumes from my Samba server on my laptop to have them mounted at boot time with appropriate permissions. I'm about to go to bed (1am here) but I'll try to check tomorrow after work. It has been some time since I set this up and it just works now.

[...snip...] that I can really read it. At least this issue is IMHO a bug. The most strange thing is what I found out yesterday: I can read files for which ls reports that I have write access, like this:

-rwxrwxrwx 1 root root 2147483580 31. Dez 11:45 movie.ts

So, most probably I will use this method as a workaround meanwhile.

Again, I suspect that the problem is simple. I have it working fine at home running a Samba server on openSuse 10.3 (standard install, not a custom build) with both openSuse and Windows clients on 2 different laptops, one doing domain logons (yes, I know it's overkill for a home network but I wanted to figure out how to do it) and one not.

[...snip...] It's just my home network. The samba server is a digital TV receiver based on Linux with a built-in HDD so I can record TV shows on it. I copy the recorded movies to my PC in order to burn them on DVD. So, IMHO, security is not an issue in my scenario since the network is protected by a router from outside access.

Of course, the level of required security is dependent on how important it is to you (or how much damage would occur) if someone did gain unauthorised access to your network...

I would indeed never configure a server like this in a company.

Of course, that would be asking for a great deal of trouble...

The more important thing for me is that it works with a couple of mouse clicks in Windows or in KDE or with smbclient - with all these I have read access to the receiver's harddisk without needing to change anything in the configuration.

Which is what makes me think it is related to either how the share is configured or how it is being mounted.

So, I would be thankful for further comments.

Will follow up tomorrow (if someone hasn't beaten me to it...). Regards, -- =================================================== Rodney Baker VK5ZTV rodney.baker@iinet.net.au =================================================== "Right now I'm having amnesia and deja vu at the same time." -- Steven Wright -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

John Andersen wrote:

Ah, yes, I had almost forgotten this. CIFS tries to use LOCAL management of permissions, that is, the machine doing the mount attempts to tell the server the permissions to use, and since the user logged in on the mounting machine has a different userid than root on the server it does not work.

You have to add the options noacl,noperm, to the mount command to tell CIFS that it should allow the SERVER to manage permissions.

I often mount samba shares this way in /etc/fstab: (its one long line - bound to wrap here:

//server/share /mnt cifs auto,user,uid=1000,gid=1003,file_mode=0660,dir_mode=0770,ip=192.168.0.1,noacl,noperm,nocase,credentials=/root/creds 1 2

man mount.cifs explains noperms

I have already worked through the mount.cifs man page trying out all the options - no use. My last attempt was: bigblue:/ # mount -t cifs //dreambox/harddisk /mnt/dreambox --verbose -o user=root,password=******,noperm,domain=minander,uid=0,gid=0,file_mode=0777,dir_mode=0777,noacl,rw I am always able to mount the folder and list the directory contents, but trying to read a file results in no permission. Another thing that I have noticed is that specifying a wrong password does not produce an error message - the results seem to be the same as when I specify the correct one. Recently I found out that there is a mailing list specially for the mount.cifs module. So I will try my luck there. I will still be thankful if somebody -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

John Andersen schrieb:

On Mon, Mar 17, 2008 at 1:44 PM, Alexander Winizki wrote:

...

I have already worked through the mount.cifs man page trying out all the options - no use. My last attempt was: bigblue:/ # mount -t cifs //dreambox/harddisk /mnt/dreambox --verbose -o user=root,password=******,noperm,domain=minander,uid=0,gid=0,file_mode=0777,dir_mode=0777,noacl,rw

Uid=0,GID=0 ?????

That seems odd, have you experimented with that?

yes, I have also tries uid=root,gid=root

...

Another thing that I have noticed is that specifying a wrong password does not produce an error message -

Well thats what you get with security=share and a wide open guest account.

That old version of samba may be confused by cifs. Did I miss a post in this thread where you indicated smbmount worked or not?

The following things work: mounting from a Windows XP machine, creating a "network folder" in KDE (which is not visible to non-KDE programs) and smbclient. I could not find, smbmount in OpenSuse 10.3 repositories and I also have read that on some other current distros there is an smbmount command which is simply redirected to mount.cifs. the "real" smbmount is said to be deprecated according to what I have found on the web and I dont know how to install it or whether it will conflict with the other parts of the samba suite. Btw., I have also tried out fusesmb, but it seems just to do nothing. Anybody familiar with that? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org