Permissions of mounted cifs share (Shared from FreeNAS)


Solution 1

Write the mount (/etc/fstab in this case) with the noperm parameter to instruct the local client to ignore permission checks. It looks like this (works for me, once I had ignored local permission rights):

//remote-ip/share /local-path/dir/ cifs  credentials=/your-credential-file,iocharset=utf8,uid=local-user-uid,gid=local-group-id,noperm 0 0

Solution 2

You need to add options to force the uid and gid to the values you want on your client machine instead of the values of the server. This can be done by adding the options

uid=xxxx,forceuid,gid=xxxx,forcegid

to your mount command.
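An added example, not part of either answer above: a POSIX shell check that reads an fstab-format file and reports, for each cifs line, the settings Solutions 1 and 2 rely on (credentials file permissions, `noperm`, `uid=`, and the `forcegid` spelling). The `Docs` share, the temporary paths and the sample credentials are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit cifs lines in an fstab-format file.
# audit_cifs_fstab FILE prints one "<mountpoint>: <finding>" line per issue.
audit_cifs_fstab() {
    while read -r dev mnt fstype opts rest; do
        case $dev in ''|'#'*) continue ;; esac        # skip blanks and comments
        [ "$fstype" = cifs ] || continue
        has_uid=no
        old_ifs=$IFS; IFS=,                           # options are comma-separated
        for o in $opts; do
            case $o in
                password=*|pass=*)
                    echo "$mnt: password inline (fstab is normally world-readable); use credentials=" ;;
                credentials=*|cred=*)
                    f=${o#*=}
                    if [ ! -f "$f" ]; then
                        echo "$mnt: credentials file $f not found"
                    elif [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
                        echo "$mnt: credentials file $f readable by group/other; chmod 600"
                    fi ;;
                noperm)
                    echo "$mnt: noperm set; client skips permission checks for all local users" ;;
                forceguid)
                    echo "$mnt: forceguid is not a mount.cifs option; the option is forcegid" ;;
                uid=*) has_uid=yes ;;
            esac
        done
        IFS=$old_ifs
        [ "$has_uid" = yes ] || echo "$mnt: no uid= option; ownership is not mapped to a local user"
    done < "$1"
}

demo() {  # constructed sample input, written to a temporary directory
    d=$(mktemp -d) || return 1
    printf 'username=john\npassword=example\n' > "$d/cred"
    chmod 644 "$d/cred"                               # deliberately too permissive
    cat > "$d/fstab" <<EOF
# constructed sample entries
//192.168.1.20/Tunes /mnt/tunes cifs credentials=$d/cred,iocharset=utf8,uid=1000,gid=1000,noperm 0 0
//192.168.1.20/Docs /mnt/docs cifs username=john,password=example,forceuid,forceguid 0 0
/dev/sda6 /home ext4 rw 0 2
EOF
    audit_cifs_fstab "$d/fstab"
    rm -rf "$d"
}

demo
```

With `noperm` the server's own access control on the share is the only check left, so the account named in the credentials file should carry no more rights than every local user of the client is meant to have.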

Author by

John Dibling


Updated on September 18, 2022

Comments

  • John Dibling
    John Dibling over 1 year

    I have a FreeNAS installation running under VirtualBox. When I try to mount one of my FreeNAS shares in Ubuntu 12.10, permissions on the share prevent me from entering the directory, listing or creating files.

    My intention was to provide a share where the FreeNAS john account has full authority, and the barbara and mark accounts have read-only access. However the permissions of the mounted share prevent me from even listing the directory, let alone create or read any files there.

    Am I doing something wrong when mounting the share?

    I will try to provide more information below.

    I set up my FreeNAS according to the instructions found here. The resulting storage has permissions as shown here:

    [Image: screenshot of the FreeNAS permissions tab]

    (I know I need to tweak the write-permissions for the group.)

    Under Windows7, I have no problems mounting the share:

    C:\Users\John>ipconfig /all
    
    Windows IP Configuration
    
       Host Name . . . . . . . . . . . . : Orion
       Primary Dns Suffix  . . . . . . . :
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : dibnatri.net
    
    
    Wireless LAN adapter Wireless Network Connection:
    
       Connection-specific DNS Suffix  . : dibnatri.net
       Description . . . . . . . . . . . : Intel(R) Centrino(R) Wireless-N 1030
       Physical Address. . . . . . . . . : [redacted]
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Tuesday, May 14, 2013 6:47:24 AM
       Lease Expires . . . . . . . . . . : Friday, June 20, 2149 1:24:02 PM
       Default Gateway . . . . . . . . . : 192.168.1.1
       DHCP Server . . . . . . . . . . . : 192.168.1.1
       DNS Servers . . . . . . . . . . . : 192.168.1.1
       NetBIOS over Tcpip. . . . . . . . : Enabled
    
    Ethernet adapter Local Area Connection:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : dibnatri.net
       Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
       Physical Address. . . . . . . . . : [redacted]
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    
      [snip]
    
    C:\Users\John>net use
    New connections will be remembered.
    
    There are no entries in the list.
    
    
    C:\Users\John>net use y: /user:john \\192.168.1.20\Tunes
    The password is invalid for \\192.168.1.20\Tunes.
    
    Enter the password for 'john' to connect to '192.168.1.20':
    The command completed successfully.
    
    Y:\>net use
    New connections will be remembered.
    
    
    Status       Local     Remote                    Network
    
    -------------------------------------------------------------------------------
    OK           Y:        \\192.168.1.20\Tunes      Microsoft Windows Network
    The command completed successfully.
    
    
    C:\Users\John>y:
    
    Y:\>dir
     Volume in drive Y is Tunes
     Volume Serial Number is 1D20-98EC
    
     Directory of Y:\
    
    05/14/2013  06:54 AM    <DIR>          .
    05/13/2013  02:58 PM    <DIR>          ..
                   0 File(s)              0 bytes
                   2 Dir(s)  6,131,715,282,944 bytes free
    
    Y:\>copy con test1
    sss
    ^Z
            1 file(s) copied.
    
    Y:\>dir
     Volume in drive Y is Tunes
     Volume Serial Number is 1D20-98EC
    
     Directory of Y:\
    
    05/14/2013  06:56 AM    <DIR>          .
    05/13/2013  02:58 PM    <DIR>          ..
    05/14/2013  06:56 AM                 5 test1
                   1 File(s)              5 bytes
                   2 Dir(s)  6,131,715,447,808 bytes free
    
    Y:\>type test1
    sss
    

    However, attempting to do the same under Ubuntu doesn't work as well:

    [johnd:~] $ ifconfig
    eth0      Link encap:Ethernet  HWaddr [redacted]  
              UP BROADCAST MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
    
    lo        Link encap:Local Loopback  
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:215 errors:0 dropped:0 overruns:0 frame:0
              TX packets:215 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:20073 (20.0 KB)  TX bytes:20073 (20.0 KB)
    
    wlan0     Link encap:Ethernet  HWaddr [redacted]  
              inet addr:192.168.1.100  Bcast:192.168.1.255  Mask:255.255.255.0
              inet6 addr: fe80::4e80:93ff:fe0c:f3a0/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:2287 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1980 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:1669164 (1.6 MB)  TX bytes:761260 (761.2 KB)
    
    [johnd:~] $ sudo mount -l
    [sudo] password for johnd: 
    /dev/sda5 on / type ext4 (rw,errors=remount-ro)
    proc on /proc type proc (rw,noexec,nosuid,nodev)
    sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
    none on /sys/fs/cgroup type tmpfs (rw)
    none on /sys/fs/fuse/connections type fusectl (rw)
    none on /sys/kernel/debug type debugfs (rw)
    none on /sys/kernel/security type securityfs (rw)
    udev on /dev type devtmpfs (rw,mode=0755)
    devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
    tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
    none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
    none on /run/shm type tmpfs (rw,nosuid,nodev)
    none on /run/user type tmpfs (rw,noexec,nosuid,nodev,size=104857600,mode=0755)
    /dev/sda6 on /home type ext4 (rw)
    binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,noexec,nosuid,nodev)
    gvfsd-fuse on /run/user/johnd/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,user=johnd)
    [johnd:~] $ ls /mnt/
    [johnd:~] $ sudo mkdir /mnt/tunes
    [johnd:~] $ ls -l /mnt/
    total 4 
    drwxr-xr-x 2 root root 4096 May 14 07:04 tunes
    [johnd:~] $ ls -l /mnt/
    total 4
    drwxr-xr-x 2 root root 4096 May 14 07:04 tunes
    

    Note the permissions & owner of /mnt/tunes above. It is about to change, though I don't know if that's expected/correct.

    [johnd:~] $ sudo mount -t cifs //192.168.1.20/Tunes /mnt/tunes -o rw,user=john
    Password: 
    [johnd:~] $ ls -l /mnt/
    total 0
    drwxrwx--- 2 1001 1003 0 May 14 06:56 tunes
    

    1001 is the uid for john on my FreeNAS, and 1003 is the gid for users there. john should have full access.

    [johnd:~] 1 $ ll /mnt/tunes
    ls: cannot open directory /mnt/tunes: Permission denied
    [johnd:~] 1 $ cat>/mnt/tunes/test2
    bash: /mnt/tunes/test2: Permission denied
    [johnd:~] 2 $ 
    

    What am I doing wrong here?

    • John Dibling
      John Dibling almost 11 years
      Note that I am comfortable in Linux, but I am by no means an expert. There is much I don't know about permissions, shares, etc.
    • rtmie
      rtmie almost 11 years
      You may need to pass CIFS credentials in mount call (been a while since I worked with CIFS mounts) but check this link askubuntu.com/questions/72471/…
    • codeScriber
      codeScriber over 10 years
      If you try as a superuser, can you list? Copy? rm?
    • BsdHelper
      BsdHelper over 10 years
      @John Dibling Why not create a CIFS share and NFS share on the same directory? Then you can set permissions for specific groups and add John to the writeable group and Barbara and Mark to the read-only group?
    • John Dibling
      John Dibling over 10 years
      @BsdHelper: I suppose that would work for *nix clients, but Windows doesn't speak NFS and I would need read/write access from anywhere in the world. Since I posted this question I have completely abandoned FreeNAS, and taken a DIY approach. I now have a linux server running a 5 TB raid 5 array with the correct permissions set everywhere. Turns out I didn't need FreeNAS at all. Thanks for your suggestion.
  • John Dibling
    John Dibling almost 11 years
    Are you sure about that? This is a CIFS share on the FreeNAS side, and is intended to be used by both Windows and Linux machines.
  • Bart.a
    Bart.a almost 11 years
    Am I sure this will work? No, but you could try. Yes, FreeNAS will work on Windows as well. But look at your own picture of the permissions tab: it gives you the choice between Unix and Windows. With Unix selected, why not use the standard mount protocol for Unix?
  • douggro
    douggro over 10 years
    This is what I experienced mounting a cifs share on my machine through fstab - the mount point locally has to have the accessing local user uid and gid assigned. The permissions on the NAS are secondary as long as the correct user/pass combo for the share is presented when mounting.
  • esmail
    esmail about 10 years
    This is not true. If it is a CIFS/Samba share, attempting to mount it as an NFS share won't do anything. Linux does indeed have clients for mounting this type of share.