Mailinglist Archive: opensuse (2459 mails)

< Previous Next >
Re: [opensuse] Permission problem while accessing a folder mounted with CIFS
  • From: Alexander Winizki <awinizki@xxxxxx>
  • Date: Mon, 17 Mar 2008 15:40:33 +0100
  • Message-id: <47DE82E1.40706@xxxxxx>
Rodney Baker schrieb:
On Mon, March 17, 2008 11:48 am, John Andersen wrote:
On Sun, Mar 16, 2008 at 6:27 AM, Alexander Winizki <awinizki@xxxxxx>
wrote:
Hi,
I hav a PC with OpenSuse 10.3. In my network there is another box named
"dreambox" which is running a Samba server.
I want to open a file on this machine with a Java program running on my
PC. I mount the shared folder by issuing the following
command as root:

mount -t cifs -o user=root -o rw //dreambox/harddisk /mnt/dreambox

Then I can list the contents of the mounted folder. The file I want to
open is listed as follows:

-r-xr-xr-x 1 root root 2147483580 31. Dez 11:45 movie.ts

Then if I try to copy it to the local disk, I get an error message:

#cp movie.ts /home
cp: movie.ts cannot be opened for reading: No permission

But according to ls everyone has a reading permission!
It sucks that you have to allow mounting anything thru samba as root!
Its just wrong on so many levels.
Worse, your guest account = root! Yikes.
[...]
guest account = root wasn't there from the beginning. I added it because I thought it would help.

Yes, this is very bad practice. There is a problem with the way your
shares are defined.
Since I can read the files from Windows or KDE or smbclient, this proves that the server is willing to
grant me read access. I see the problem with the cifs vfs module. Or does the CIFS VFS module claim
to adhere - as opposed to Windows, KDE or smbclient - to some kind of specification that requires it to
deny read access in my situation?
The Samba server does not necessarily use the file
system permissions on the server - it maps shares with a different set of
permissions that can be defined on a global or share-by-share basis.
The listing like:

-r-xr-xr-x 1 root root 2147483580 31. Dez 11:45 movie.ts

is what I get when I issue the ls command on the PC from which I have mounted
the samba server. So, if ls says I can read a file then I expect that I can
really
read it. At least this issue is IMHO a bug. The most strange thing is what I
found out yesterday:
I can read files for which ls reports that I have write access, like this:

-rwxrwxrwx 1 root root 2147483580 31. Dez 11:45 movie.ts

So, most probably I will use this method as a workaround meanwhile.
You definitely should not have the file (or the share) owned by root. What
level of security do you have set for Samba?

It's just my home network. The samba server is a digital TV receiver based on Linux with a built-in HDD
so I can record TV shows on it. I copy the recorded movies to my PC in order to burn them on DVD. So,
IMHO, security is not an issue in my scenario since the network is protected by a router from outside access.
I would indeed never configure a server like this in a company.
The more important thing for me is that it works with a couple of mouse clicks in Windows or in KDE or
with smbclient - with all these I have read access to the receiver's harddisk without needing to change
anything in the configuration.

So, I would be thankful for further comments.

Greetings,
Alex.

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups