LinuxQuestions.org
Old 11-18-2019, 07:45 PM   #1
gregorywest
LQ Newbie
 
Registered: Nov 2019
Location: Manitoba Canada
Distribution: Centos, SUSE, Debian, Ubuntu, Fedora....
Posts: 6

fstab mounting cifs volumes in file_mode=755 / readonly , needs to be readwrite


I have a Samba server on one CentOS box. This is being used as a storage area for files. Connecting to it are a Mac and another CentOS box.

The problem I am having is both the Mac and the CentOS WS have the mounts as read only. I have tried everything I can think of to fix the issue but keep coming up read only.

Any help or pointer in the right direction would be awesome.

Greg

For reference the server smb.conf is:
Code:
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.

[global]
	log file = /var/log/samba/log.%m
	hosts allow = 192.168. 0.
	passdb backend = tdbsam
	netbios name = mindhole
	netbios aliases = mindhole
	server string = SambaServer
	logon script = logon.bat
	workgroup = GROUPTHINK
	logon path = \\%L\Profiles\%U
	security = user
	syslog = 0
	create mode = 777
	add machine script = /usr/sbin/useradd -d /dev/null -g 200 -s /sbin/nologin -M %u
	max log size = 1000
	directory mode = 777

#==================================== Share Definitions ===============================

[homes]
	comment = Home Directories
	valid users = %S, %D%w%S
	browseable = No
	read only = No
	inherit acls = Yes

[Profiles]
  path = /var/lib/samba/profiles
  create mask = 0777
  directory mask = 0777
  writable = Yes

[users]
    path = /samba/users
    browseable = yes
    read only = no
    force create mode = 0666
    force directory mode = 2664
    valid users = @sambashare @sadmin

[netlogon]
  comment = Network Logon Service
  path = /var/lib/samba/netlogon
  browseable = No

[archives]
	comment = Archive Area
	path = /srvnfs/archives
    browsable = yes
    writeable = yes
	create mode = 0664
	public = yes
	directory mode = 0664
    guest ok = yes

[working]
	writeable = yes
	delete readonly = yes
	path = /srvnfs/working
	force directory mode = 664
	force create mode = 664
	create mode = 664
	public = yes
	directory mode = 664 
    write list = scatterbrainz, root
    
    
[reference]
	writeable = yes
	path = /srvnfs/reference
	public = yes
	create mode = 664
	directory mode = 664

[ttc]
	writeable = yes
    readonly = no
    guest ok = yes
	path = /srvnfs/TTC - Everything
	public = yes
	force create mode = 664
    write list = scatterbrainz, root


[scatterbrainz]
	create mode = 0666
	path = /samba/scatterbrainz
	directory mode = 2664
        public = yes
        writeable = yes
The fstab is:
Code:
//192.168.0.101/ttc /mount/ttc cifs domain=GROUPTHINK,username=scatterbrainz,password=********
The info from mount is:
Code:
//192.168.0.101/ttc on /mount/ttc type cifs (rw,relatime,vers=default,cache=strict,username=scatterbrainz,domain=GROUPTHINK,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.0.101,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=1048576,wsize=1048576,echo_interval=60,actimeo=1)
 
Old 11-19-2019, 04:35 AM   #2
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware & Android
Posts: 10,672

What matters is who mounts the drive. If root mounts it, it's going to be read only for all users.

One alternative is (as root) to make all the first level directories user owned.
So /mnt/disk is ro, but /mnt/disk/subdirs are r/w.

Last edited by business_kid; 11-19-2019 at 04:58 AM.
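
Added example (not written by any poster in this thread): a shell function modelling the permission check the Linux cifs client performs locally on a `nounix` mount without `noperm`, where every file is presented as owned by the `uid`/`gid` mount options with `file_mode`/`dir_mode` permissions. `PAGE_OPTS` is the option list from the `mount` output in post #1; the local uid/gid 1000 and 1001 are hypothetical workstation users.

```shell
#!/bin/sh
# cifs_write_check OPTIONS UID GID [file|dir]
# OPTIONS: comma-separated option list as printed by `mount` for a cifs entry.
# Prints "write", "read-only", or "server-decides" (noperm: no client check).
# Assumes a nounix mount, so ownership and modes come from the mount options.
cifs_write_check() {
    opts=$1 who_uid=$2 who_gid=$3 kind=${4:-file}
    # Defaults match what the mount output in post #1 shows when nothing is set.
    own_uid=0 own_gid=0 file_mode=0755 dir_mode=0755 noperm=0 ro=0
    old_ifs=$IFS; IFS=,
    set -f                                  # no globbing while splitting
    for o in $opts; do
        case $o in
            uid=*)       own_uid=${o#uid=} ;;
            gid=*)       own_gid=${o#gid=} ;;
            file_mode=*) file_mode=${o#file_mode=} ;;
            dir_mode=*)  dir_mode=${o#dir_mode=} ;;
            noperm)      noperm=1 ;;
            ro)          ro=1 ;;
        esac
    done
    set +f
    IFS=$old_ifs
    [ "$ro" -eq 1 ] && { echo read-only; return 0; }
    [ "$noperm" -eq 1 ] && { echo server-decides; return 0; }
    # Local root bypasses the client-side mode check.
    [ "$who_uid" -eq 0 ] && { echo write; return 0; }
    mode=$file_mode; [ "$kind" = dir ] && mode=$dir_mode
    mode=$((0${mode#0}))                    # force octal interpretation
    if   [ "$who_uid" -eq "$own_uid" ]; then bit=$((0200))   # owner write
    elif [ "$who_gid" -eq "$own_gid" ]; then bit=$((0020))   # group write
    else bit=$((0002)); fi                                   # other write
    if [ $((mode & bit)) -ne 0 ]; then echo write; else echo read-only; fi
}

# Option list copied from the mount output in post #1.
PAGE_OPTS='rw,relatime,vers=default,cache=strict,username=scatterbrainz,domain=GROUPTHINK,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.0.101,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=1048576,wsize=1048576,echo_interval=60,actimeo=1'

# Hypothetical local user 1000 against the mount as posted, then against a
# constructed option list that names that user as owner.
echo "as posted, uid 1000:   $(cifs_write_check "$PAGE_OPTS" 1000 1000 dir)"
echo "uid=1000 in options:   $(cifs_write_check 'uid=1000,gid=1000,file_mode=0755,dir_mode=0755,nounix' 1000 1000 dir)"
```

Passing this local check only means the client sends the request; the Samba server still applies its own share settings and filesystem permissions.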
 
Old 11-19-2019, 11:47 AM   #3
gregorywest

Quote:
Originally Posted by business_kid
What matters is who mounts the drive. If root mounts it, it's going to be read only for all users.

One alternative is (as root) to make all the first level directories user owned.
So /mnt/disk is ro, but /mnt/disk/subdirs are r/w.

OK, let me see if I am understanding you.
I have 3 user IDs involved, one on the workstation WS-UID, one as a Samba user SMB-UID, one on the server SRV-UID.

Question, when I establish the mounts:

A) The user logged into the WS should be WS-UID and not root.
B) The userid used in the mount line in fstab should be SMB-UID.
C) Both A and B have to be true.

Is there any connection or issues with SRV-UID and its privileges, or is all that controlled via Samba's security?
 
Old 11-21-2019, 02:59 AM   #4
business_kid
I didn't concern myself with samba, but with mount and the kernel. You also need the 'user' option in fstab for drives. I think you might make it by correct ownerships on the subdirs. What samba allows you to do is another question.
 
Old 11-22-2019, 06:41 PM   #5
gregorywest
Quote:
Originally Posted by business_kid
I didn't concern myself with samba, but with mount and the kernel. You also need the 'user' option in fstab for drives. I think you might make it by correct ownerships on the subdirs. What samba allows you to do is another question.

All the folders are owned by the same username. I can create files under that user name on both local and remote Linux boxes. I can also mount the shares on the Mac and read files, but am unable to write.
 
Old 11-23-2019, 03:00 AM   #6
business_kid
The way I would tackle that is let it mount root only, but make subdirs with appropriate user & group permissions. Then /mnt/drive is ro, but /mnt/drive/subdirs are rw.
 
  

