Hello, first time on this mailing list, so any etiquette tips are
appreciated!
I'm using Samba 3 on a file server at work, and I've noticed some apparent
quirks in permissions handling for Linux clients. I've tried to isolate the
issues to a small set of variables, and I'll describe this limited case
below.
To summarize, when I use mount.cifs to access a share with
1. unix extensions enabled on the server, and
2. Samba mask/mode settings that should affect the first (setuid/setgid/sticky) octal bit,
the mask/mode settings for the first octal bit are ignored for folders, but
preserved for files.
In other words, if my Samba share has all of the *mask and *mode options set
to 7777, and I mount that share with unix extensions enabled, files that I
create will be given a mode of 7777, but folders will be given a mode of
1777.
This behavior is not present when I mount the share with the unix extensions
disabled, or when I access the share using smbclient.
I would much prefer to operate with the unix extensions enabled, as it
allows the client to accurately reflect the permissions present on the
server, but I can't for the life of me figure out how to make the client
obey the server's mode/mask directives!
It should go without saying, but I'm not actually trying to use these
particular modes in production. I ran into this issue when trying to enforce
more sane permissions, but my example that follows uses these modes to
illustrate the issue I'm experiencing.
Below you will find a (fairly) detailed example that I ran to illustrate
this problem. I'm sorry it is so long, but I wanted to give as much detail
in this first message as possible.
Thanks!
Kerrigan Joseph
# where are we? #
## server ##
$ whoami
jt
$ hostname
ws073
$ uname -a
Linux ws073 3.11.0-12-generic #19-Ubuntu SMP Wed Oct 9 16:20:46 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
$ lsb_release -a
No LSB modules are available.
Distributor ID: LinuxMint
Description: Linux Mint 16 Petra
Release: 16
Codename: petra
$ smbd --version
Version 3.6.18
$ cat /etc/samba/smb.conf
[global]
workgroup = WORKGROUP
server string = %h server (Samba, Linux Mint)
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
usershare allow guests = yes
unix extensions = yes
[test]
comment = Test Share
path = /home/jt/mnt/sambatest
valid users = @jt
public = no
writable = yes
browseable = no
create mask = 7777
force create mode = 7777
security mask = 7777
force security mode = 7777
directory mask = 7777
force directory mode = 7777
directory security mask = 7777
force directory security mode = 7777
$ cd ~/mnt/sambatest && pwd
/home/jt/mnt/sambatest
$ stat .
File: ‘.’
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 801h/2049d Inode: 5245516 Links: 2
Access: (0777/drwxrwxrwx) Uid: ( 1000/ jt) Gid: ( 1000/ jt)
Access: 2014-11-20 09:37:24.018014130 -0600
Modify: 2014-11-20 09:37:23.458014110 -0600
Change: 2014-11-20 09:37:23.458014110 -0600
Birth: -
$ sudo service smbd restart
smbd stop/waiting
smbd start/running, process 26535
## client ##
$ whoami
kerrigan
$ hostname
ws093
$ uname -a
Linux ws093 3.11.0-12-generic #19-Ubuntu SMP Wed Oct 9 16:20:46 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
$ lsb_release -a
No LSB modules are available.
Distributor ID: LinuxMint
Description: Linux Mint 16 Petra
Release: 16
Codename: petra
$ mount.cifs --version
mount.cifs version: 6.0
$ smbclient --version
Version 3.6.18
$ cd ~/sambatest && pwd
/home/kerrigan/sambatest
$ stat .
File: ‘.’
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 801h/2049d Inode: 923915 Links: 2
Access: (0755/drwxr-xr-x) Uid: ( 1000/kerrigan) Gid: ( 1000/kerrigan)
Access: 2014-11-20 09:48:51.449875086 -0600
Modify: 2014-11-20 09:48:51.449875086 -0600
Change: 2014-11-20 09:48:51.449875086 -0600
Birth: -
# mount it on the client with the default of unix extensions enabled #
$ cd ..
$ sudo mount.cifs -o user=jt,uid=kerrigan,gid=kerrigan //ws073/test sambatest
Password for jt@//ws073/test: <entered password>
$ cd sambatest
$ mount | grep ws073
//ws073/test on /home/kerrigan/sambatest type cifs (rw)
$ touch file1 && mkdir folder1 && ls -l
$ stat file1 | grep Uid
Access: (7777/-rwsrwsrwt) Uid: ( 1000/kerrigan) Gid: ( 1000/kerrigan)
$ stat folder1 | grep Uid # look at octal mode!
Access: (1777/drwxrwxrwt) Uid: ( 1000/kerrigan) Gid: ( 1000/kerrigan)
# look at the files on the server #
$ pwd
/home/jt/mnt/sambatest
$ ls -l
total 4
-rwsrwsrwt 1 jt jt 0 Nov 20 09:59 file1
drwxrwxrwt 2 jt jt 4096 Nov 20 09:58 folder1
$ stat file1 | grep Uid
Access: (7777/-rwsrwsrwt) Uid: ( 1000/ jt) Gid: ( 1000/ jt)
$ stat folder1 | grep Uid # look at the octal mode
Access: (1777/drwxrwxrwt) Uid: ( 1000/ jt) Gid: ( 1000/ jt)
# mount on the client with nounix disabling unix extensions #
$ cd ..
$ sudo umount sambatest
$ sudo mount.cifs -o user=jt,uid=kerrigan,gid=kerrigan,nounix //ws073/test sambatest
Password for jt@//ws073/test: <entered password>
$ cd sambatest
$ ls -l
total 0
-rwxr-xr-x 0 kerrigan kerrigan 0 Nov 20 09:59 file1
drwxr-xr-x 0 kerrigan kerrigan 0 Nov 20 09:58 folder1
$ touch file2 && mkdir folder2 && ls -l
total 0
-rwxr-xr-x 0 kerrigan kerrigan 0 Nov 20 09:59 file1
-rwxr-xr-x 0 kerrigan kerrigan 0 Nov 20 10:06 file2
drwxr-xr-x 0 kerrigan kerrigan 0 Nov 20 09:58 folder1
drwxr-xr-x 0 kerrigan kerrigan 0 Nov 20 10:05 folder2
# look at files on the server #
$ stat file2 | grep Uid
Access: (7777/-rwsrwsrwt) Uid: ( 1000/ jt) Gid: ( 1000/ jt)
$ stat folder2 | grep Uid # look at the octal mode now
Access: (7777/drwsrwsrwt) Uid: ( 1000/ jt) Gid: ( 1000/ jt)
# make a directory on the client using smbclient #
$ cd .. && sudo umount sambatest
$ smbclient //ws073/test --user=jt
Enter jt's password: <entered password>
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.18]
smb: \> mkdir folder3
smb: \> exit
# on the server #
$ stat folder3 | grep Uid # same octal mode as with nounix
Access: (7777/drwsrwsrwt) Uid: ( 1000/ jt) Gid: ( 1000/ jt)
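
The manual check in the message above (create a file and a folder, then compare the first octal digit against what the share's mask/mode settings should produce) can be scripted so it is repeatable per mount option. This is an added example, not part of the original post; the function names `missing_special_bits` and `probe_share` are hypothetical, and it assumes GNU coreutils `stat -c %a`.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Assumes GNU coreutils `stat -c %a`, which prints the octal mode, e.g. 1777.

# missing_special_bits ACTUAL EXPECTED
# Prints the special bits that EXPECTED has set but ACTUAL lacks.
missing_special_bits() {
    actual=$((0$1))                       # leading 0 => parsed as octal
    expected=$((0$2))
    lost=$(( (expected & 07000) & ~actual ))
    out=""
    if [ $((lost & 04000)) -ne 0 ]; then out="$out setuid"; fi
    if [ $((lost & 02000)) -ne 0 ]; then out="$out setgid"; fi
    if [ $((lost & 01000)) -ne 0 ]; then out="$out sticky"; fi
    echo "${out# }"
}

# probe_share DIR EXPECTED
# Creates one file and one directory under DIR (a cifs mount point or the
# server-side path), reports their modes against EXPECTED, then cleans up.
probe_share() {
    dir=$1
    want=$2
    f="$dir/.modeprobe_file.$$"
    d="$dir/.modeprobe_dir.$$"
    touch "$f" && mkdir "$d" || return 1
    fmode=$(stat -c %a "$f")
    dmode=$(stat -c %a "$d")
    rm -f "$f"
    rmdir "$d"
    echo "file mode=$fmode missing=[$(missing_special_bits "$fmode" "$want")]"
    echo "dir  mode=$dmode missing=[$(missing_special_bits "$dmode" "$want")]"
}

# Run only when called with arguments, e.g.: ./probe.sh ~/sambatest 7777
if [ "$#" -ge 2 ]; then
    probe_share "$1" "$2"
fi
```

With the modes shown in the post, `missing_special_bits 1777 7777` prints `setuid setgid` for the folder and `missing_special_bits 7777 7777` prints nothing for the file.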