uid gid cifs or something else

02-13-2016, 12:53 PM   #1
dgermann


Friends--

So to a fresh set of eyes (yours) it is obvious what I did wrong and most of what follows was unnecessary to post--you will go right to the problem and point it out easily. Please do.

Symptoms:

1. User cannot move files to trash on network directory
2. User creates network directory, then cannot move files to or from there, nor delete them
3. When user has network file open, LibreOffice reports to other users that a different user has that file open

Environment:

Production environment, all Ubuntu boxes.
--Server: hostname torus; 14.04.3 LTS; running a cifs network; it has home directories and logins for doug and sharon, among others
--Workstation hostname fire, normal user doug; 12.04.5 LTS;
--> Problem Workstation hostname yarn, normal user sharon; 12.04.5 LTS;
--Workstation hostname water, normal user a different name; 12.04.5 LTS;
--There are two other workstations connecting via openvpn, both 12.04 LTS; plus a laptop on 12.04 LTS, and a laptop on 14.04 LTS.

We have had this set up for several years, without this sort of a problem. I am the one who set up all the machines. Just added yarn to the system a week ago.

Key parts of fstab on yarn (the problem box):
Code:
//torus/vol1    /sam/vol1       cifs    rw,nobrl,mand,user,credentials=/root/.smbcredentials,uid=doug,gid=apps  0       0
//torus/vol2    /sam/vol2       cifs    rw,nobrl,mand,user,credentials=/root/.smbcredentials,uid=doug,gid=data  0       0
Key parts of fstab on fire (the oldest box):
Code:
//torus/vol1    /sam/vol1       cifs    rw,nobrl,mand,user,credentials=/root/.toruscredentials,uid=doug,gid=apps        0       0
//torus/vol2    /sam/vol2       cifs    rw,nobrl,mand,user,credentials=/root/.toruscredentials,uid=doug,gid=data        0       0
Key parts of fstab on wind (an openvpn client box):
Code:
//torus/vol2   /sam/vol2       cifs    rw,nobrl,mand,user,credentials=/root/.toruscredentials,uid=doug,gid=data  0       0
//torus/vol1   /sam/vol1       cifs    rw,nobrl,mand,user,credentials=/root/.toruscredentials,uid=doug,gid=apps  0       0
Note that although all boxes mount the network using uid doug, the users on all workstations do login as doug or sharon or whoever they are. Each station reports to each other that the files they have open are by the users of those workstations. But when a file is open in LO on yarn, and doug tries to open the same file in LO on fire, it reports it is opened by doug, not sharon as it should.

id command on torus (server):
Code:
id sharon
uid=1002(sharon) gid=1005(sharon) groups=1005(sharon)
id doug
uid=1000(doug) gid=1000(doug) groups=1000(doug),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),109(sambashare),113(lpadmin),1001(apps),1002(data)
id command on yarn (problem box):
Code:
id sharon
uid=1001(sharon) gid=1003(sharon) groups=1003(sharon),1000(doug),124(sambashare),1001(apps),1002(data)
id doug
uid=1000(doug) gid=1000(doug) groups=1000(doug),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),109(lpadmin),113(netdev),124(sambashare),1001(apps),1002(data)
id command on fire (box that is working ok):
Code:
id sharon
id: sharon: No such user
doug@fire:~$ id doug
uid=1000(doug) gid=1000(doug) groups=1000(doug),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),109(lpadmin),113(netdev),124(sambashare),1001(apps),1002(data)
/etc/samba/smb.conf on torus (server):
Code:
[global]
        workgroup = EVERYONE
        server string = %h server (Samba, Ubuntu)
        map to guest = Bad User
        obey pam restrictions = Yes
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
        unix password sync = Yes
        lanman auth = Yes
        client lanman auth = Yes
        client plaintext auth = Yes
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        printcap name = cups
        disable spoolss = Yes
        show add printer wizard = No
        hosts allow = 192.168.0.0/24 10.8.0.0/24 10.8.20.0/24 127.0.0.1
        interfaces = 192.168.0.0/24 10.8.0.0/24 10.8.20.0/24 10.8.1.0/24 eth* tun* lo

#######ddg20151026
	#interfaces = eth* tun* lo
	#bind interfaces only = yes
#######
        dns proxy = No
        usershare allow guests = Yes
        panic action = /usr/share/samba/panic-action %d
        create mask = 0775

[printers]
        comment = All Printers
        path = /var/spool/samba
        create mask = 0700
        printable = Yes
        browseable = No
        browsable = No

[print$]
        comment = Printer Drivers
        path = /var/lib/samba/printers

[homes]
        comment = Home Directories
        valid users = %S
        read only = No
        browseable = No
        browsable = No

[vol1]
        path = /vol1
        valid users = doug, sharon, [blanked]
        force user = doug
        force group = apps
        read only = No

[vol2]
        path = /vol2
        valid users = doug, sharon, [blanked]
        force user = doug
        force group = data
        read only = No

[label]
        path = /vol1/apps/label
        valid users = doug, sharon, [blanked], @apps, @data
        force user = doug
        force group = data
        read only = No

[doug2]
        path = /doug2
        valid users = [blanked]
        force user = [blanked]
        force group = [blanked]
        read only = No
        browseable = No
        browsable = No

[etc]
        path = /etc
        valid users = [blanked]
        force user = [blanked]
        force group = [blanked]
        read only = No
        browseable = No
        browsable = No
[home]
        path = /home
        valid users = [blanked]
        force user = [blanked]
        force group = [blanked]
        read only = No
        browseable = No
        browsable = No
The trash issue: sharon has a .Trash directory on /[mountpoint]/vol2, as seen on torus (server):
Code:
drwxrwxr-x   5 sharon sharon 4.0K Jan 13 21:46 .Trash-1002
But as shown on yarn (the problem box) (also, fire shows the same):
Code:
drwxrwxr-x   5 doug data    0 Jan 13 21:46 .Trash-1002
In Nautilus:
1. when sharon creates a file (using either touch on cli or Nautilus create empty file) it will not allow sharon to delete it: Cannot move file to trash, do you want to delete immediately? it asks.
2. when sharon checks permissions on the .Trash-1002 directory, it reports the owner is doug and "You are not the owner, so you cannot change these permissions."

As to the issue regarding sharon creating new network directories and being unable to save to them:

sharon creates new directory called test-sat using Nautilus, cannot copy files to it from another directory.
doug then creates files in this directory via cli and touch.
doug cannot chown, either as doug or as sudo.
doug can and does chmod 777 one file
sharon cannot move this file, but can open both files.
torus (server) reports these files:
Code:
-rw-rw-r--  1 doug data    0 Feb 13 13:24 test-sat
-rwxrwxrwx  1 doug data    0 Feb 13 13:24 test-sat2
on torus via sudo, chown sharon:sharon test-sat2, now torus reports, as expected:
Code:
-rw-rw-r--  1 doug   data      0 Feb 13 13:24 test-sat
-rwxrwxrwx  1 sharon sharon    0 Feb 13 13:24 test-sat2
Back on yarn (the problem box):
Nautilus reports "you are not the owner," showing owner as doug
sharon cannot delete file by highlighting and hitting delete, and move to trash is greyed-out.
sharon cannot rm -rvf from cli: "Permission denied."

So how would you trouble-shoot this? What are the steps I should take to investigate?

Thanks!
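
Added example (not part of the original post): a small Python check that compares the `id` output quoted above across torus, yarn and fire and reports names whose numeric uid/gid differ between hosts, plus numeric gids that resolve to different group names. The function names and the `ID_OUTPUT` mapping are assumptions made for this illustration; the `id` lines are the ones from the post.

```python
import re
from collections import defaultdict

# `id` output as quoted in the post, keyed by host (mapping built for this example).
DOUG_CLIENT = ("uid=1000(doug) gid=1000(doug) groups=1000(doug),4(adm),24(cdrom),"
               "27(sudo),30(dip),46(plugdev),109(lpadmin),113(netdev),"
               "124(sambashare),1001(apps),1002(data)")
ID_OUTPUT = {
    "torus": [
        "uid=1002(sharon) gid=1005(sharon) groups=1005(sharon)",
        "uid=1000(doug) gid=1000(doug) groups=1000(doug),4(adm),24(cdrom),"
        "27(sudo),30(dip),46(plugdev),109(sambashare),113(lpadmin),"
        "1001(apps),1002(data)",
    ],
    "yarn": [
        "uid=1001(sharon) gid=1003(sharon) groups=1003(sharon),1000(doug),"
        "124(sambashare),1001(apps),1002(data)",
        DOUG_CLIENT,
    ],
    "fire": [DOUG_CLIENT],
}

PAIR = re.compile(r"(\d+)\(([^)]+)\)")   # matches e.g. 1002(data)


def parse_id(line):
    """Parse one line of `id` output into (user, uid, {group: gid})."""
    fields = dict(part.split("=", 1) for part in line.split())
    uid, user = PAIR.match(fields["uid"]).groups()
    pairs = PAIR.findall(fields["gid"] + "," + fields.get("groups", ""))
    return user, int(uid), {name: int(gid) for gid, name in pairs}


def compare_hosts(id_output):
    """Return (users whose uid differs, groups whose gid differs,
    numeric gids that map to different group names) across hosts."""
    uid_of, gid_of, name_of = (defaultdict(dict) for _ in range(3))
    for host, lines in id_output.items():
        for line in lines:
            user, uid, groups = parse_id(line)
            uid_of[user][host] = uid
            for name, gid in groups.items():
                gid_of[name][host] = gid
                name_of[gid][host] = name

    def differs(table):
        # Keep only entries that do not have one single value on every host.
        return {k: v for k, v in table.items() if len(set(v.values())) > 1}

    return differs(uid_of), differs(gid_of), differs(name_of)


if __name__ == "__main__":
    titles = ("uid differs", "gid differs", "gid reused for another group")
    for title, table in zip(titles, compare_hosts(ID_OUTPUT)):
        for key, per_host in table.items():
            print(f"{title}: {key} -> {per_host}")
```

The trash directory shown in the post is named `.Trash-1002`; the freedesktop.org trash specification builds that name from the numeric uid of the local user, so the numeric values reported here are the ones to compare, not the user names.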
 
02-17-2016, 01:12 PM   #2
malekmustaq
Quote:
Symptoms:

1. User cannot move files to trash on network directory
2. User creates network directory, then cannot move files to or from there, nor delete them
3. When user has network file open, LibreOffice reports to other users that a different user has that file open
Check the effective user ACL, and the umask. To understand, read the manual in the terminal by typing man acl or man setfacl and man umask.

Hope that helps.
 
02-17-2016, 08:35 PM   #3
dgermann

malekmustaq--

Thank you for helping me.

The umask for this machine has not been changed from standard: the user is 0002, and root is 0022.

I know nothing about acl, and will study more on it if you think that makes sense after reading this: I have made no changes on acl on this or any machine. Also, I ran getfacl on this directory and get (which seems what I would have expected):
Code:
# owner: doug
# group: data
# flags: -s-
user::rwx
group::rwx
other::r-x
On one of the test files I get:
Code:
# owner: doug
# group: data
user::rw-
group::rw-
other::r--
Expected that is except that the owner should be sharon not doug.

So that's it on acl. Do I need to learn about that, still?

Since my post I have changed things on yarn (the problem box) so that the uid and gid of sharon on both yarn and torus (the server) are identical. Running id sharon on both of these boxes gives identical results. Still the problems noted in the original post persist.

As you might notice, I have set the directory these files are in to
drwxrwsr-x 16 doug data 4.0K Feb 16 22:42 (as shown on torus the server)
drwxrwsr-x 16 doug data 0 Feb 16 22:42 (as shown on yarn the problem box)
Notice the s in group.

What do I need to try next, if you please, malekmustaq?
 
02-18-2016, 06:19 AM   #4
malekmustaq
What does the samba log say or complain about? Can you post it here?

Try, or test, creating a shared folder on your server.
Try putting this in your smb.conf: create a samba shared folder, put anything into it, create, move, delete, whatever, using any of your user accounts.
Create a trial folder and put this into your .conf.
Quote:
[Shared]
comment = ShareForAllMyUsers
path = /to/your/samba/shared
read only = No
guest ok = Yes
public = Yes
browseable = Yes
create mask = 0666
directory mask = 0777
See if you will get an idea.

Last edited by malekmustaq; 02-18-2016 at 06:20 AM.
 
02-18-2016, 10:07 AM   #5
dgermann

malekmustaq--

Thank you!

Will be away from this computer for a few days. Will respond when I get back to it.

Thanks for helping me, malekmustaq!
 
02-19-2016, 04:44 PM   #6
RootMason
Hello dgermann!

Wow, that's a pretty complicated situation you have there! I see you've really been burning up the brain cells trying to figure that out and, honestly, so did I just trying to wrap my brain around your issue!

I'll try and keep my ideas short so I'm not running you in circles, in case I don't understand your problem correctly...

I would guess that your issue is either with connecting to the share via FSTAB using UID "doug", or possibly using "force user=doug" in your smb.conf file.

After speaking to a fellow sysadmin here, maybe also your upper-level directory permissions?

I also agree with malekmustaq about looking into umask, testing the share with one wide open & checking those log files (I'd recommend starting with the log files before doing anything else).

Last edited by RootMason; 02-19-2016 at 04:50 PM. Reason: Adding information
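
Added example (not part of the thread): a Python sketch that joins the posted smb.conf shares with yarn's fstab lines and lists, per mount, the points at which the local user's identity is replaced by another one. The share definitions are abridged from the first post, the `//torus/Shared` fstab line is hypothetical, and the function names are assumptions; the client-side `uid=`/`gid=` override is assumed to be in effect, as the directory listings in the thread show.

```python
# Abridged from the thread: vol1/vol2 from the posted smb.conf on torus and the
# matching fstab lines on yarn. [Shared] is the test share suggested in the
# thread; its fstab line is hypothetical and only there for contrast.
SMB_CONF = """
[vol1]
        force user = doug
        force group = apps
[vol2]
        force user = doug
        force group = data
[Shared]
        guest ok = Yes
"""
FSTAB = """
//torus/vol1 /sam/vol1 cifs rw,nobrl,mand,user,credentials=/root/.smbcredentials,uid=doug,gid=apps 0 0
//torus/vol2 /sam/vol2 cifs rw,nobrl,mand,user,credentials=/root/.smbcredentials,uid=doug,gid=data 0 0
//torus/Shared /sam/vol3 cifs rw,credentials=/root/.smbcredentials 0 0
"""


def parse_smb_conf(text):
    """Return {share: {option: value}} with share and option names lower-cased."""
    shares, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return shares


def parse_fstab_cifs(text):
    """Yield (share, mountpoint, options) for each cifs entry in fstab text."""
    for fields in map(str.split, text.splitlines()):
        if len(fields) >= 4 and fields[2] == "cifs" and fields[0][0] != "#":
            opts = dict((o.partition("=")[0], o.partition("=")[2] or True)
                        for o in fields[3].split(","))
            yield fields[0].rsplit("/", 1)[-1].lower(), fields[1], opts


def identity_layers(share, opts):
    """List the points at which the local user's identity is replaced."""
    layers = []
    if "multiuser" not in opts:      # one SMB session serves every local user
        layers.append("session: all local users use the login in %s"
                      % opts.get("credentials", "the mount options"))
    if "force user" in share:        # Samba performs file operations as this user
        layers.append("server: files written as %s:%s" % (
            share["force user"], share.get("force group", "<primary group>")))
    if "uid" in opts or "gid" in opts:   # assumed in effect, see lead-in
        layers.append("client: owner displayed as %s:%s" % (
            opts.get("uid", "<server uid>"), opts.get("gid", "<server gid>")))
    return layers


def report(smb_conf=SMB_CONF, fstab=FSTAB):
    """Map each cifs mountpoint to its list of identity-replacing layers."""
    shares = parse_smb_conf(smb_conf)
    return {mountpoint: identity_layers(shares.get(share, {}), opts)
            for share, mountpoint, opts in parse_fstab_cifs(fstab)}


if __name__ == "__main__":
    for mountpoint, layers in report().items():
        print(mountpoint, *layers, sep="\n    ")
```

For `/sam/vol2` all three layers apply, which matches the first post's listings: the file sharon created appears as `doug data` on torus and on yarn.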
 
02-20-2016, 05:54 PM   #7
dgermann

RootMason--

Still not able to invest time in trying out suggestions. A couple days more and then I should have some time to test things.

Do want to say Thank You for helping out!

Which specific log files do you have in mind?

And what do you mean testing with one share wide open? Are you referring to malekmustaq's suggestion for the smb.conf file? I intend to do that the next couple of days.

Thanks, RootMason!
 
02-21-2016, 07:37 PM   #8
dgermann

malekmustaq--

OK, I added what you had to my smb.conf file. It now reads at the end of the file:
Code:
#####ddg 20160221:

[Shared]
        comment = ShareForAllMyUsers
        path = /vol3
        read only = No
        guest ok = Yes
        public = Yes
        browseable = Yes
        create mask = 0666
        directory mask = 0777 
#####end
Look right to you?

Then on torus, the server:
Code:
doug@torus:/etc/samba$ sudo mkdir /vol3
doug@torus:/etc/samba$ sudo chown doug:data /vol3
doug@torus:/etc/samba$ sudo chmod 777 /vol3
doug@torus:/etc/samba$ ls -lan /vol3
total 8
drwxrwxrwx  2 1000 1002 4096 Feb 21 19:32 .
drwxr-xr-x 25    0    0 4096 Feb 21 19:32 ..
doug@torus:/etc/samba$ sudo service smbd stop
smbd stop/waiting
doug@torus:/etc/samba$ sudo service nmbd stop
nmbd stop/waiting
doug@torus:/etc/samba$ sudo service nmbd restart
stop: Unknown instance: 
nmbd start/running, process 14464
doug@torus:/etc/samba$ sudo service smbd restart
stop: Unknown instance: 
smbd start/running, process 14476
Then on yarn, the client:
Code:
doug@yarn:~$ sudo mkdir /sam/vol3
[sudo] password for doug: 
doug@yarn:~$ sudo chown doug:data /sam/vol3
doug@yarn:~$ sudo chmod 777 /sam/vol3
doug@yarn:~$ ls -lan
total 8
drwxrwxrwx 2 1000 1002 4096 Feb 21 19:38 .
drwxrwxr-x 5 1000 1000 4096 Feb 21 19:38 ..

doug@yarn:~$ sudo login sharon
Password: 
Last login: Mon Feb 15 22:36:17 EST 2016 on pts/0
Welcome to Ubuntu 12.04.5 LTS (GNU/Linux 3.13.0-77-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

1 package can be updated.
0 updates are security updates.

New release '14.04.3 LTS' available.
Run 'do-release-upgrade' to upgrade to it.


Your Hardware Enablement Stack (HWE) is supported until April 2017.

sharon@yarn:~$ cd /sam/vol3
sharon@yarn:/sam/vol3$ ls -lan
total 8
drwxrwxrwx 2 1000 1002 4096 Feb 21 19:38 .
drwxrwxr-x 5 1000 1000 4096 Feb 21 19:38 ..
sharon@yarn:/sam/vol3$ touch testsharontouch
sharon@yarn:/sam/vol3$ ls -lan
total 8
drwxrwxrwx 2 1000 1002 4096 Feb 21 19:43 .
drwxrwxr-x 5 1000 1000 4096 Feb 21 19:38 ..
-rw-rw-r-- 1 1002 1005    0 Feb 21 19:43 testsharontouch
Well, now, that does not seem right, does it? Shouldn't it be 666 not 664?

Note that in /etc/passwd on both torus and yarn the entry for sharon reads:
Code:
sharon:x:1002:1005:,,,:/home/sharon:/bin/bash
The user sharon was able to nano edit the test file, and mv it to another directory. However, when moving it back the ownership now becomes 1002:1002. (gid data is 1002). Then:
Code:
sharon@yarn:/sam/vol3$ cp testsharontouch testsharontouch.1
sharon@yarn:/sam/vol3$ ls -aln
total 16
drwxrwxrwx 2 1000 1002 4096 Feb 21 19:59 .
drwxrwxr-x 5 1000 1000 4096 Feb 21 19:38 ..
-rw-rw-r-- 1 1002 1002   15 Feb 21 19:54 testsharontouch
-rw-rw-r-- 1 1002 1005   15 Feb 21 19:59 testsharontouch.1
Strange that the copy is not 1002:1002 like the original.

User sharon was able to rm the original testsharontouch file.

So actions on the new test directory seem to work OK.

In nautilus, a directory and file are created ok; however, user sharon still cannot move to trash, and is offered instead to delete immediately. So this does *not* work as expected.

What does all this tell us? What are the next steps?

At this point I notice: I never mounted /sam/vol3 in yarn! How could I even see it there? So:
Code:
doug@yarn:~$ sudo mount -a
Retrying with upper case share name
mount error(6): No such device or address
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
I even tried umounting it, and then mount -a and same results, but it is still there! Same thing after a reboot! Several entries in syslog:
Code:
Feb 21 20:31:04 yarn kernel: [   20.549056] CIFS VFS: cifs_mount failed w/return code = -6
and several in dmesg:
Code:
[    8.287195] CIFS VFS: cifs_mount failed w/return code = -101
Thanks, malekmustaq!

@RootMason:

What do you mean by upper level permissions? In this example, do you mean /sam/vol3, or /sam, or even /?

I wonder too about force user=doug. That has been working for a decade or more, but not sure why I have it. Perhaps it has to do with using the mount in fstab. Guess each user could have their machine automount using their own credentials, but perhaps that could create its own set of problems. How do you do cifs automounts in your setting? What have you seen others do?

Specifically what would I do differently with umask? Maybe that is not necessary, given the partial progress in the smb.conf file....

Thanks, RootMason!
 
02-21-2016, 07:48 PM   #9
dgermann

Friends--

Just tried using sharon's credentials instead of doug's in the .smbcredentials file, and it will not mount the directories from torus. (Maybe it is the force user?)

Also, I wonder if mounting is superfluous when the smb.conf file allows guest access?
 
02-24-2016, 06:52 PM   #10
dgermann

malekmustaq and RootMason--

Here is another problem I have been having with this network. Perhaps it is related to this set up?

A remote user, becky, connects via openvpn. About 40% of the time if she has to reboot, she cannot get a connection to the samba shares. She is able to boot up her computer, but cannot see the file trees in nautilus. If she reboots the machine repeatedly, eventually she connects.

Let's posit that the issue is in the samba configuration. Where would you look to narrow down what the issue would be? Some portion of the smb.conf file? Which part?

Could that give us a clue as to the issue with yarn?

Thanks!
 
  

