[opensuse] Permission problem while accessing a folder mounted with CIFS
Hi, I hav a PC with OpenSuse 10.3. In my network there is another box named "dreambox" which is running a Samba server. I want to open a file on this machine with a Java program running on my PC. I mount the shared folder by issuing the following command as root: mount -t cifs -o user=root -o rw //dreambox/harddisk /mnt/dreambox Then I can list the contents of the mounted folder. The file I want to open is listed as follows: -r-xr-xr-x 1 root root 2147483580 31. Dez 11:45 movie.ts Then if I try to copy it to the local disk, I get an error message: #cp movie.ts /home cp: movie.ts cannot be opened for reading: No permission But according to ls everyone has a reading permission! On my PC there is also Windows XP SP2 installed. Under Windows i can simply mount the shared folder from the windows explorer with "extras->connect network drive" and can open the files on it for reading with any program. Under KDE it also works without problems - by opening the remote:/ view and klicking "add network folder". After I have added the network folder, I can copy files from it to the local disk without problems. Unfortunately, such network folders are not accessible in the file open dialog of Java programs. The files i want to process are a couple of GB large, so copying them to the local disk and opening them afterwards would be awkward as compared to working under windows where I can copy the file to the PC and process it in the same one step. Since the machine I want to mount is a kind of a multimedia box built on embedded hardware, I have no possibility to install new software on it. In particular, there is no nfsd installed on that box! The smbd version 1.9.18. I can only edit the configuration files and boot/shutdown the box etc. The contents of the smb.conf file are as follows: [global] character set = ISO8859-1 client code page = 850 load printers = no guest account = root log file = /tmp/smb.log security = share server string = DreamBOX - Samba Version %v workgroup = minander netbios name = DreamBOX [Configuration] comment = Configuration files - take care! path = /var read only = no public = yes guest ok = yes [Harddisk] comment = The harddisk path = /hdd read only = no public = yes guest ok = yes so, what am i doing wrong and how can I mount the folder so that it allows me to have read access to the files? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sun, Mar 16, 2008 at 6:27 AM, Alexander Winizki
Hi, I hav a PC with OpenSuse 10.3. In my network there is another box named "dreambox" which is running a Samba server. I want to open a file on this machine with a Java program running on my PC. I mount the shared folder by issuing the following command as root:
mount -t cifs -o user=root -o rw //dreambox/harddisk /mnt/dreambox
Then I can list the contents of the mounted folder. The file I want to open is listed as follows:
-r-xr-xr-x 1 root root 2147483580 31. Dez 11:45 movie.ts
Then if I try to copy it to the local disk, I get an error message:
#cp movie.ts /home cp: movie.ts cannot be opened for reading: No permission
But according to ls everyone has a reading permission!
It sucks that you have to allow mounting anything thru samba as root! Its just wrong on so many levels. Worse, your guest account = root! Yikes. Next, you might want to try smbmount with that version of samba. -- ----------JSA--------- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Mon, March 17, 2008 11:48 am, John Andersen wrote:
On Sun, Mar 16, 2008 at 6:27 AM, Alexander Winizki
wrote: Hi, I hav a PC with OpenSuse 10.3. In my network there is another box named "dreambox" which is running a Samba server. I want to open a file on this machine with a Java program running on my PC. I mount the shared folder by issuing the following command as root:
mount -t cifs -o user=root -o rw //dreambox/harddisk /mnt/dreambox
Then I can list the contents of the mounted folder. The file I want to open is listed as follows:
-r-xr-xr-x 1 root root 2147483580 31. Dez 11:45 movie.ts
Then if I try to copy it to the local disk, I get an error message:
#cp movie.ts /home cp: movie.ts cannot be opened for reading: No permission
But according to ls everyone has a reading permission!
It sucks that you have to allow mounting anything thru samba as root! Its just wrong on so many levels. Worse, your guest account = root! Yikes. [...]
Yes, this is very bad practice. There is a problem with the way your shares are defined. The Samba server does not necessarily use the file system permissions on the server - it maps shares with a different set of permissions that can be defined on a global or share-by-share basis. You definitely should not have the file (or the share) owned by root. What level of security do you have set for Samba? -- Rodney Baker VK5ZTV rodney.baker@iinet.net.au -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Mon, March 17, 2008 11:48 am, John Andersen wrote:
On Sun, Mar 16, 2008 at 6:27 AM, Alexander Winizki
wrote: Hi, I hav a PC with OpenSuse 10.3. In my network there is another box named "dreambox" which is running a Samba server. I want to open a file on this machine with a Java program running on my PC. I mount the shared folder by issuing the following command as root:
mount -t cifs -o user=root -o rw //dreambox/harddisk /mnt/dreambox
Then I can list the contents of the mounted folder. The file I want to open is listed as follows:
-r-xr-xr-x 1 root root 2147483580 31. Dez 11:45 movie.ts
Then if I try to copy it to the local disk, I get an error message:
#cp movie.ts /home cp: movie.ts cannot be opened for reading: No permission
But according to ls everyone has a reading permission!
It sucks that you have to allow mounting anything thru samba as root! Its just wrong on so many levels. Worse, your guest account = root! Yikes. [...]
guest account = root wasn't there from the beginning. I added it because I thought it would help.
Yes, this is very bad practice. There is a problem with the way your shares are defined. Since I can read the files from Windows or KDE or smbclient, this proves
Rodney Baker schrieb: that the server is willing to grant me read access. I see the problem with the cifs vfs module. Or does the CIFS VFS module claim to adhere - as opposed to Windows, KDE or smbclient - to some kind of specification that requires it to deny read access in my situation?
The Samba server does not necessarily use the file system permissions on the server - it maps shares with a different set of permissions that can be defined on a global or share-by-share basis.
The listing like: -r-xr-xr-x 1 root root 2147483580 31. Dez 11:45 movie.ts is what I get when I issue the ls command on the PC from which I have mounted the samba server. So, if ls says I can read a file then I expect that I can really read it. At least this issue is IMHO a bug. The most strange thing is what I found out yesterday: I can read files for which ls reports that I have write access, like this: -rwxrwxrwx 1 root root 2147483580 31. Dez 11:45 movie.ts So, most probably I will use this method as a workaround meanwhile.
You definitely should not have the file (or the share) owned by root. What level of security do you have set for Samba?
It's just my home network. The samba server is a digital TV receiver based on Linux with a built-in HDD so I can record TV shows on it. I copy the recorded movies to my PC in order to burn them on DVD. So, IMHO, security is not an issue in my scenario since the network is protected by a router from outside access. I would indeed never configure a server like this in a company. The more important thing for me is that it works with a couple of mouse clicks in Windows or in KDE or with smbclient - with all these I have read access to the receiver's harddisk without needing to change anything in the configuration. So, I would be thankful for further comments. Greetings, Alex. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tue, 18 Mar 2008 01:10:33 Alexander Winizki wrote:
On Mon, March 17, 2008 11:48 am, John Andersen wrote:
On Sun, Mar 16, 2008 at 6:27 AM, Alexander Winizki
wrote:
Hi, I hav a PC with OpenSuse 10.3. In my network there is another box named "dreambox" which is running a Samba server. I want to open a file on this machine with a Java program running on my PC. I mount the shared folder by issuing the following command as root:
mount -t cifs -o user=root -o rw //dreambox/harddisk /mnt/dreambox [...snip...] Since I can read the files from Windows or KDE or smbclient, this proves
Rodney Baker schrieb: that the server is willing to grant me read access. I see the problem with the cifs vfs module. Or does the CIFS VFS module claim to adhere - as opposed to Windows, KDE or smbclient - to some kind of specification that requires it to deny read access in my situation?
I think it probably has to do with the cifs mount command. There is an alternative method that I found I needed to use to mount cifs volumes from my Samba server on my laptop to have them mounted at boot time with appropriate permissions. I'm about to go to bed (1am here) but I'll try to check tomorrow after work. It has been some time since I set this up and it just works now.
[...snip...] that I can really read it. At least this issue is IMHO a bug. The most strange thing is what I found out yesterday: I can read files for which ls reports that I have write access, like this:
-rwxrwxrwx 1 root root 2147483580 31. Dez 11:45 movie.ts
So, most probably I will use this method as a workaround meanwhile.
Again, I suspect that the problem is simple. I have it working fine at home running a Samba server on openSuse 10.3 (standard install, not a custom build) with both openSuse and Windows clients on 2 different laptops, one doing domain logons (yes, I know it's overkill for a home network but I wanted to figure out how to do it) and one not.
[...snip...] It's just my home network. The samba server is a digital TV receiver based on Linux with a built-in HDD so I can record TV shows on it. I copy the recorded movies to my PC in order to burn them on DVD. So, IMHO, security is not an issue in my scenario since the network is protected by a router from outside access.
Of course, the level of required security is dependent on how important it is to you (or how much damage would occur) if someone did gain unauthorised access to your network...
I would indeed never configure a server like this in a company.
Of course, that would be asking for a great deal of trouble...
The more important thing for me is that it works with a couple of mouse clicks in Windows or in KDE or with smbclient - with all these I have read access to the receiver's harddisk without needing to change anything in the configuration.
Which is what makes me think it is related to either how the share is configured or how it is being mounted.
So, I would be thankful for further comments.
Will follow up tomorrow (if someone hasn't beaten me to it...). Regards, -- =================================================== Rodney Baker VK5ZTV rodney.baker@iinet.net.au =================================================== "Right now I'm having amnesia and deja vu at the same time." -- Steven Wright -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Mon, Mar 17, 2008 at 7:55 AM, Rodney Baker
I think it probably has to do with the cifs mount command. There is an alternative method that I found I needed to use to mount cifs volumes from my Samba server on my laptop to have them mounted at boot time with appropriate permissions.
Ah, yes, I had almost forgotten this. CIFS tries to use LOCAL management of permissions, that is, the machine doing the mount attempts to tell the server the permissions to use, and since the user logged in on the mounting machine has a different userid than root on the server it does not work. You have to add the options noacl,noperm, to the mount command to tell CIFS that it should allow the SERVER to manage permissions. I often mount samba shares this way in /etc/fstab: (its one long line - bound to wrap here: //server/share /mnt cifs auto,user,uid=1000,gid=1003,file_mode=0660,dir_mode=0770,ip=192.168.0.1,noacl,noperm,nocase,credentials=/root/creds 1 2 man mount.cifs explains noperms -- ----------JSA--------- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
John Andersen wrote:
Ah, yes, I had almost forgotten this. CIFS tries to use LOCAL management of permissions, that is, the machine doing the mount attempts to tell the server the permissions to use, and since the user logged in on the mounting machine has a different userid than root on the server it does not work.
You have to add the options noacl,noperm, to the mount command to tell CIFS that it should allow the SERVER to manage permissions.
I often mount samba shares this way in /etc/fstab: (its one long line - bound to wrap here:
//server/share /mnt cifs auto,user,uid=1000,gid=1003,file_mode=0660,dir_mode=0770,ip=192.168.0.1,noacl,noperm,nocase,credentials=/root/creds 1 2
man mount.cifs explains noperms
I have already worked through the mount.cifs man page trying out all the options - no use. My last attempt was: bigblue:/ # mount -t cifs //dreambox/harddisk /mnt/dreambox --verbose -o user=root,password=******,noperm,domain=minander,uid=0,gid=0,file_mode=0777,dir_mode=0777,noacl,rw I am always able to mount the folder and list the directory contents, but trying to read a file results in no permission. Another thing that I have noticed is that specifying a wrong password does not produce an error message - the results seem to be the same as when I specify the correct one. Recently I found out that there is a mailing list specially for the mount.cifs module. So I will try my luck there. I will still be thankful if somebody -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Mon, Mar 17, 2008 at 1:44 PM, Alexander Winizki
I have already worked through the mount.cifs man page trying out all the options - no use. My last attempt was: bigblue:/ # mount -t cifs //dreambox/harddisk /mnt/dreambox --verbose -o user=root,password=******,noperm,domain=minander,uid=0,gid=0,file_mode=0777,dir_mode=0777,noacl,rw
Uid=0,GID=0 ????? That seems odd, have you experimented with that?
Another thing that I have noticed is that specifying a wrong password does not produce an error message -
Well thats what you get with security=share and a wide open guest account. That old version of samba may be confused by cifs. Did I miss a post in this thread where you indicated smbmount worked or not? -- ----------JSA--------- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
John Andersen schrieb:
On Mon, Mar 17, 2008 at 1:44 PM, Alexander Winizki
wrote: I have already worked through the mount.cifs man page trying out all the options - no use. My last attempt was: bigblue:/ # mount -t cifs //dreambox/harddisk /mnt/dreambox --verbose -o user=root,password=******,noperm,domain=minander,uid=0,gid=0,file_mode=0777,dir_mode=0777,noacl,rw
Uid=0,GID=0 ?????
That seems odd, have you experimented with that?
yes, I have also tries uid=root,gid=root
Another thing that I have noticed is that specifying a wrong password does not produce an error message -
Well thats what you get with security=share and a wide open guest account.
That old version of samba may be confused by cifs. Did I miss a post in this thread where you indicated smbmount worked or not?
The following things work: mounting from a Windows XP machine, creating a "network folder" in KDE (which is not visible to non-KDE programs) and smbclient. I could not find, smbmount in OpenSuse 10.3 repositories and I also have read that on some other current distros there is an smbmount command which is simply redirected to mount.cifs. the "real" smbmount is said to be deprecated according to what I have found on the web and I dont know how to install it or whether it will conflict with the other parts of the samba suite. Btw., I have also tried out fusesmb, but it seems just to do nothing. Anybody familiar with that? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (3)
-
Alexander Winizki
-
John Andersen
-
Rodney Baker