[arch-general] [SOLVED] Re: clients can no longer mount.cifs the '/' samba share from current Arch server (long)

David C. Rankin drankinatty at suddenlinkmail.com
Fri Jan 10 23:39:25 EST 2014 

On 01/08/2014 04:22 AM, Martti Kühne wrote:
> On Wed, Jan 8, 2014 at 4:20 AM, David C. Rankin
> <drankinatty at suddenlinkmail.com> wrote:
> [...]
>>
>>   So this is starting to look more like a smb problem after all. Got any other
>> thoughts?
> 
> 
> comparing with the config you posted and [0], why not take the error
> message literally?
> 
> cheers!
> mar77i
> 
> [0] http://www.samba.org/samba/docs/using_samba/ch09.html#samba2-CHP-9-SECT-2
> 

Well,

  I see what you are saying, but that does not explain why mounting a '/' share
suddenly starts to fail upon upgrade to samba 4.1.3. The error itself suggests a
permissions problem:

mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

  However, that was precisely what the 'admin users' option was designed to provide:

        admin users = david

  From the link above:

<quote>
admin users

This option specifies a list of users that perform file operations as if they
were root. This means that they can modify or destroy any other user's files,
regardless of the permissions. Any files that they create will have root
ownership and will use the default group of the admin user. The admin users
option allows PC users to act as administrators for particular shares. Be very
careful when using this option, and make sure good password and other security
policies are in place.
</quote>

  And for all versions of samba from 1.8.x through 3.6.7, that is exactly what
the 'admin users' option allowed. Testing the default config in 4.1.3 (testparm
-v), 'invalid users' is unset:

        invalid users =
        valid users =
        admin users = david

  So there should be no prohibition to mounting the config share.

*********************** HOLY CR...... ************************

  I have tested the share incrementally trying without the 'force user' and then
'force group' but I had never removed both at the same time. I just tested that
and BINGO! it works.

  Thank you Martti!  The link did not mention the prohibition, but it did prompt
the additional information that solved this!

[22:34 providence:/home/david] # mount.cifs //phoinix/config /mnt/phx-cfg/ -v -o
username=david,uid=1000,credentials=/home/david/.dcr/mountcfile
mount.cifs kernel mount options:
ip=192.168.7.16,unc=\\phoinix\config,uid=1000,user=david,pass=********
[22:34 providence:/home/david] # l /mnt/phx-cfg
total 8
<snip>
drwxr-xr-x   4 david root     0 Dec 26 13:02 boot
drwxr-xr-x  58 david david    0 Jan  2 23:51 dat_e
drwxr-xr-x  11 david david    0 Aug 23  2012 dat_f
drwxr-xr-x  17 david root     0 Dec 26 13:05 dev
drwxr-xr-x  71 david root     0 Jan 10 21:01 etc
drwxr-xr-x  14 david root     0 Dec  9 12:17 home
<snip>
[22:34 providence:/home/david] # mount
//phoinix/config on /mnt/phx-cfg type cifs
(rw,relatime,vers=1.0,sec=ntlm,cache=loose,unc=\\phoinix\config,username=david,uid=1000,forceuid,gid=0,noforcegid,addr=192.168.7.16,unix,posixpaths,serverino,acl,rsize=1048576,wsize=65536,actimeo=1)

  It works -- this one is done...

-- 
David C. Rankin, J.D.,P.E.

More information about the arch-general mailing list