Fedora Linux Support Community & Resources Center
  #1  
Old 16th August 2005, 08:29 AM
earlboy Offline
Registered User
 
Join Date: Aug 2005
Posts: 7
Linux to Linux smb share write access problem

I've got a file server running Fedora 3 with samba shares on an external usb disk with vfat partition.
Share name is "pub" and is located in an external usbdisk with vfat filesystem, mount point is /media/usbdisk/pub
I've also got a client pc dual booted with WinXP and fedora 3.

Accessing the share in winxp, read/write - no problem (I've tested on admin account only)
Accessing the share using linux via Nautilus file browser - no problem ( any user can read or write )

The problem arises when I manually mount the share using the mount command.
mount -t smb -o username=my_user,password=my_password,uid=500,gid=100,dmask=777,workgroup="NO GROUP" //MyFileServer/pub /mnt/smb

As root I can read/write no problem.
But as an ordinary user, I can create a directory in the share no problem, but as soon as I go into that directory and try to create a file or another directory I get a 'permission denied'.
As mentioned above, using Nautilus even as an ordinary user I don't get this problem.
I haven't tried accessing the share in XP using an ordinary user.

here is my smb.conf for the pub share :

[global]
workgroup = no group
server string = File Server
printcap name = /etc/printcap
# This option tells cups that the data has already been rasterized
load printers = yes
cups options = raw
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no
#==========Share Definitions ========================
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
username map = /etc/samba/smbusers
password server = None
winbind use default domain = no
[pub]
comment = Public Files
path = /media/usbdisk/pub
writeable = yes
admin users = nobody bong

As mentioned above, I need to create a subdirectory on the directory I've just created in the share, but somehow I'm not being permitted to by samba.

Any help appreciated. Thanks.
  #2  
Old 17th August 2005, 07:34 AM
earlboy Offline
Registered User
 
Join Date: Aug 2005
Posts: 7
I've managed to fix the problem. Though I don't know if it's the right way to do it.
I've installed FUSE and FuseSMB in my system.
I'm now able to create subdirectories and copy files into those subdirectories.
I replied to my own post in case someone encounters the same problem I had.

cheers.
  #3  
Old 3rd September 2005, 03:31 AM
fozner Offline
Registered User
 
Join Date: Aug 2005
Posts: 163
I ran into the same problem with SELINUX. Not sure what the correct security context is but you have to change one of the security contexts on the server to be one of type smb_share or some junk like that. Sorry for being vague but I forgot. Maybe this will jog somebody's memory. The reason FUSE is working is that FUSE is probably correcting the security context. If you can do a ls -Z in the shared folder and post that, maybe we can learn what the correct setting is...

Edit: What you're looking for is in your smb.conf for the share add:
force create mode = 0775
force directory mode = 6775

Also please read this selection, paying attention to how to set the sticky bit on directories within the share so that new files are created with the proper permissions.

http://www.samba.org/samba/docs/man/...html#id2595282

Last edited by fozner; 3rd September 2005 at 09:10 PM.
  #4  
Old 3rd September 2005, 03:39 AM
kosmosik Offline
Registered User
 
Join Date: Apr 2004
Location: Warsaw, Poland
Age: 33
Posts: 1,085
http://fedoranews.org/contributors/k...kosmowski/fat/
  #5  
Old 3rd September 2005, 03:41 AM
kosmosik Offline
Registered User
 
Join Date: Apr 2004
Location: Warsaw, Poland
Age: 33
Posts: 1,085
Quote:
Originally Posted by kosmosik
please note the mask (fmask/dmask) parameters in mount options... it looks to me like kernel somehow caches the permissions on FAT (even though they do not exist)...
  #6  
Old 4th September 2005, 02:11 PM
earlboy Offline
Registered User
 
Join Date: Aug 2005
Posts: 7
Thanks for the replies.

I'll try fozner's suggestion, and see what happens.

FUSE is a bit annoying to use, since it never gets loaded at boot time. ( I tried some stuff I've read about getting modules loaded at boot time, but with fuse it doesn't seem to work. ).

I'll post back as soon as I can about the results.
  #7  
Old 4th September 2005, 08:14 PM
fozner Offline
Registered User
 
Join Date: Aug 2005
Posts: 163
I wish you luck. What I wound up doing, for my setup, was switching to NFS. Nfs shares the same folder that smb chokes on with no problems at all. And I can read and write to the folder from anywhere the ACL and firewall will allow.

The only problem with nfs is it lacks user level security so... any user with uid # x can go in and modify files. I wouldn't recommend it on a WEP...

For persistent connections, I have added a line to my /etc/fstab

games:/usr/share/point2play /mnt/games nfs intr 0 0
  #8  
Old 4th September 2005, 09:47 PM
SlowJet Offline
Registered User
 
Join Date: Jan 2005
Posts: 5,048
FUSE is a Kernel Module with a lib API for a File System.
FuseSMB is 2 programs - one to crawl the net and collect share names (under what authority?), make a list so that program two can use SMB mounts in a pooled manner.

FUSE completely bypasses SELinux and any File System used by it could not be incorporated into the FC File System without some serious Permission maintenance and a relabel of the mount.

FUSE seems toooo good to be true. If it is so good why isn't it in FC?
Why are the Samba and IBM guys not gobbling up the code?
Why doesn't it understand SELinux?
Why has it taken so long to get to .8 version?

Run at your own risk as one bug will bring down the whole system.

If you read that link from Kosk, you wouldn't have to make up stories about SELinux and permissions then hack your systems back into the past to make up for your mis-information.

SJ
__________________
Do the Math

Last edited by SlowJet; 4th September 2005 at 09:51 PM.
  #9  
Old 7th September 2005, 02:41 AM
earlboy Offline
Registered User
 
Join Date: Aug 2005
Posts: 7
FUSE isn't maintained anymore, as far as I know. I think it was merged with the AVFS project.
It might not work with every system it is installed on, so maybe that is the reason why FC did not include it.
  #10  
Old 7th September 2005, 03:08 AM
fozner Offline
Registered User
 
Join Date: Aug 2005
Posts: 163
Not using FUSE. Not recommending FUSE. Just curious about how it bypasses selinux and the correct way to make smb rw shares work under Selinux. That is what nobody seems to know.
Reply With Quote
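
On the question of labeling an SMB share for SELinux, an added example that is not part of any post in this thread: a shell function that reads `ls -Z` output and prints the relabel step for each entry that smbd would not be allowed to write to. It assumes the type `samba_share_t` from the Fedora/RHEL targeted policy, which the thread does not name; the sample listing is constructed.

```sh
#!/bin/sh
# Added example, not from the thread. Reads `ls -Z` lines on stdin and prints a
# relabel step for every entry whose SELinux type is not the Samba share type.
# $1 = filesystem type holding the share (vfat, ext3, ...).
# Assumption: samba_share_t is the writable-share type in the loaded policy.
samba_label_fixes() {
  awk -v fs="$1" -v want="samba_share_t" '
    {
      ctx = ""
      for (i = 1; i < NF; i++)        # context = first field shaped user:role:type
        if ($i ~ /^[a-z_]+:[a-z_]+:[a-z0-9_]+/) { ctx = $i; break }
      if (ctx == "") next             # "total" lines and unlabeled output
      n = split(ctx, part, ":")
      if (part[3] == want) next       # already labeled for smbd
      fixed = part[1] ":" part[2] ":" want
      for (j = 4; j <= n; j++) fixed = fixed ":" part[j]   # keep any MLS level
      # FAT cannot store per-file labels, so the label is set for the whole mount
      if (fs == "vfat" || fs == "msdos")
        print "use mount option context=" fixed " for " $NF
      else
        print "chcon -R -t " want " " $NF
    }
  '
}

# Constructed sample listing of /media/usbdisk (types are illustrative).
sample_listing() {
  cat <<'EOF'
drwxr-xr-x  root root system_u:object_r:dosfs_t  pub
drwxr-xr-x  root root system_u:object_r:samba_share_t  docs
EOF
}

sample_listing | samba_label_fixes vfat
```

A `chcon` change does not survive a filesystem relabel; on current releases `semanage fcontext` followed by `restorecon` makes it persistent.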
  #11  
Old 7th September 2005, 04:50 AM
earlboy Offline
Registered User
 
Join Date: Aug 2005
Posts: 7
Well it didn't work. I've added :
force create mode = 0775 ( even tried 0777 )
force directory mode = 6775 ( same here tried 6777 )
but as a regular user ( not root), I still got the same problem. I can create a directory in my /mnt/smb/pub directory e.g. ( mkdir /mnt/smb/pub/test - works ), but cannot create a file or directory inside it e.g. ( mkdir /mnt/smb/pub/test/test2 - permission denied ).

tried kosmosik's suggestion as well .

I tried using umask=000 ( since I read that it was reverted ), dmask=000 and fmask=000 in my mount options, but I'm still getting the same problem.
Reply With Quote
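
An added example, not part of any post in this thread: a shell function that reads an smb.conf on stdin and flags the share settings that have come up so far, namely `admin users`, a writable share with no `valid users` line, and world-writable `force create mode` / `force directory mode` values. The sample input is constructed from the [pub] stanza in post #1 with the modes tried in post #11; the finding wording is this example's own.

```sh
#!/bin/sh
# Added example, not from the thread. Reads an smb.conf on stdin and prints one
# "share: finding" line for each risky setting in a share stanza.
audit_smb_conf() {
  awk '
    function other_write(mode,  d) {   # is the write bit for "other" set?
      d = substr(mode, length(mode), 1) + 0
      return int(d / 2) % 2
    }
    function end_share() {
      if (share != "" && share != "global" && writable && !valid)
        print share ": writable and not limited by valid users"
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }          # comments, blank lines
    /^[ \t]*\[/ {                                 # start of a [section]
      end_share()
      share = tolower($0); sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
      writable = valid = 0
      next
    }
    share == "" || share == "global" { next }
    {
      eq = index($0, "="); if (!eq) next
      name = substr($0, 1, eq - 1); sub(/^[ \t]+/, "", name); sub(/[ \t]+$/, "", name)
      val = substr($0, eq + 1); sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
      key = tolower(name); gsub(/[ \t]/, "", key)  # names ignore case and spaces
      yes = (tolower(val) ~ /^(yes|true|1)$/)
      if (key == "adminusers") {
        print share ": admin users (" val ") act as root on this share"
        if ((" " val " ") ~ /[ ,]nobody[ ,]/)
          print share ": admin users includes nobody, the default guest account"
      } else if (key == "validusers") valid = 1
      else if (key ~ /^(writeable|writable|writeok)$/) writable = yes
      else if (key == "readonly") writable = !yes
      else if (key ~ /^force(create|directory)mode$/ && other_write(val))
        print share ": " name " = " val " forces the world-writable bit"
    }
    END { end_share() }
  '
}

# Constructed input: the [pub] stanza from post #1 plus the modes tried in post #11.
sample_conf() {
  printf '%s\n' '[pub]' 'path = /media/usbdisk/pub' 'writeable = yes' \
    'admin users = nobody bong' 'force create mode = 0777' 'force directory mode = 6777'
}

sample_conf | audit_smb_conf
```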
  #12  
Old 2nd May 2007, 07:03 PM
Time2IPL Offline
Registered User
 
Join Date: Dec 2006
Posts: 18
Quote:
Originally Posted by fozner
The reason FUSE is working is that FUSE is probably correcting the security context. If you can do a ls -Z in the shared folder and post that, maybe we can learn what the correct setting is...
I really doubt that FUSE is doing anything with SELINUX or security contexts; it's a user-space driver that's allowing you to access your Window$ files directly. Think of it as if you were using a CD as a normal user; the permissions in fstab have to be set so you can use it, but once they are, you're off and running. Same thing with FUSE. AFAIK the only security layer(s) applied are those which are provided by the underlying file system(s).

I'm still not clear on why you're using FUSE - or NTFS in the kernel - or anything other than SAMBA itself to read / write files; you're not using FUSE et al. to circumvent SAMBA's access controls, are you? If you're having user permissions at all, you probably want to do a
Code:
net groupmap list
and make sure that you have corresponding UNIX groups for each NT group. Running pdbedit might clear some of the mystery surrounding this up for you, too. SAMBA has grown up, it's using UNIX uid & gid <-> NT sid (& rid) mapping; check out your /var/log/messages...
  #13  
Old 2nd May 2007, 07:24 PM
Time2IPL Offline
Registered User
 
Join Date: Dec 2006
Posts: 18
Hit "post" by accident; sorry for that.

I'm running a SAMBA PDC; everything on that machine is accessible to users authenticated by it (who logged in to / via it) and also at a share level. From the looks of the dates on my files in August of '04 I had to change a lot of things around; SAMBA matured a LOT. This setup has been working wonderfully; it even auto-magically sends the correct print drivers when a windows user adds a printer.

Part I : get your smb.conf in working order (I'll elaborate on that in a bit)
Part II: map out your users and your groups. Remember, users essentially exist twice: as UNIX users, and as SAMBA users. By far and away the easiest way to deal with users is to add them with useradd, set a password for them with passwd, then add them as SAMBA users. Something like this (as root):
Code:
useradd -u $NEWUSERUID -c "SAMBA user" -g users -G users,ntusers -m -d /export/home/$NEWUSERNAME -n $NEWUSERNAME
passwd --stdin $NEWUSERNAME
smbpasswd -a $NEWUSERNAME
(it'll prompt you for the user's password at this point).
Use the same password for the *NIX shell account and for smbpasswd.
Next, create whatever groups you need to and do your
Code:
net groupmap list
Then, enter your mappings. You'll probably end up with something like this:
Code:
# net groupmap modify ntgroup="Domain Admins"       unixgroup="wheel"
# net groupmap modify ntgroup="Domain Users"        unixgroup="samba"
# net groupmap modify ntgroup="Domain Guests"       unixgroup="nobody"
# net groupmap modify ntgroup="Administrators"      unixgroup="wheel"
# net groupmap modify ntgroup="Users"               unixgroup="samba"
# net groupmap modify ntgroup="Guests"              unixgroup="guest"
#
# net groupmap modify ntgroup="Power Users"         unixgroup="ntpoweru"
# net groupmap modify ntgroup="Account Operators"   unixgroup="account"
# net groupmap modify ntgroup="System Operators"    unixgroup="operator"
# net groupmap modify ntgroup="Print Operators"     unixgroup="print"
# net groupmap modify ntgroup="Backup Operators"    unixgroup="backup"
# net groupmap modify ntgroup="Replicators"         unixgroup="staff"
Hopefully that'll get you going; I will check back in later, and by then, will have hopefully found the HOWTO I wrote up on this some time back when I had to do it myself. Check out "man pdbedit" and "man smb.conf", I seem to recall having spent a lot of time looking there.

Unfortunately a lot of what's out there on the web is <very> dated, and isn't going to be of much - if it's of any - use to you.

- Larry
Reply With Quote
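
For the group-mapping step described in the last post, an added example that is not the poster's own code: a shell function that reads `net groupmap list` output and reports NT groups whose UNIX group is unmapped or absent from the group database. It assumes the Samba 3 line format `NT name (SID) -> unixgroup` and that an unmapped group is shown as `-> -1`; the sample listing and its SIDs are constructed placeholders.

```sh
#!/bin/sh
# Added example, not from the thread. Reads `net groupmap list` output on stdin
# and reports NT groups whose UNIX side is unmapped or missing.
# $1 = group database in /etc/group format (default /etc/group).
# Assumed line format (Samba 3): NT name (SID) -> unixgroup
check_groupmap() {
  awk '
    NR == FNR { split($0, f, ":"); known[f[1]] = 1; next }   # first input: UNIX groups
    {
      arrow = index($0, ") -> ")
      if (!arrow) next
      unix = substr($0, arrow + 5)
      nt = substr($0, 1, arrow - 1)
      sub(/ \(S-[0-9-]*$/, "", nt)                           # drop the SID
      if (unix == "-1")                                      # assumed unmapped marker
        print "UNMAPPED " nt
      else if (!(unix in known))
        print "MISSING " nt " -> " unix
    }
  ' "${1:-/etc/group}" -
}

# Constructed sample: group names follow the post, SIDs are placeholders.
sample_groupmap() {
  cat <<'EOF'
Domain Admins (S-1-5-21-1111-2222-3333-512) -> wheel
Domain Users (S-1-5-21-1111-2222-3333-513) -> samba
Power Users (S-1-5-32-547) -> -1
EOF
}

if [ -r /etc/group ]; then sample_groupmap | check_groupmap /etc/group; fi
```

On a live server the input would come from `net groupmap list | check_groupmap`, run as root.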