[Samba] smb mount as root, access as non-root. Changed behaviour between samba 3.0.x and 3.4.x?

2010-07-16 Thread Seb James
Hi List,

I have an appliance (the client) which mounts a CIFS share from a
Samba server - the Samba server usually runs on an Ubuntu system.

Within the client, the root user executes a mount command like this:

mount.cifs \\UBUNTUSERVER\archive /tmp/Default \
-o noserverino,user='someuser',pass='somepassword',uid='50',gid='7'

That uid/gid pair belongs to the lp user on the client.

Once the share is mounted, a process belonging to another user (lp in
this case) writes data into the share.

When I use Ubuntu 8.04 for the samba server, which ships with Samba
3.0.28, this works.

On Ubuntu 10.04 which contains Samba 3.4.7, I am unable to write to the
share as the lp user (though root - the original share-mounter - is
able to).

I'm struggling to find what might have changed (a security improvement?,
an alteration of a default option?), and whether I can work around this
change?

Can anyone offer any suggestions?

regards,

Seb James



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] smb mount as root, access as non-root. Changed behaviour between samba 3.0.x and 3.4.x?

2010-07-16 Thread Seb James
On Fri, 2010-07-16 at 17:02 +0100, Seb James wrote:
> Hi List,
>
> I have an appliance (the client) which mounts a CIFS share from a
> Samba server - the Samba server usually runs on an Ubuntu system.
>
> Within the client, the root user executes a mount command like this:
>
> mount.cifs \\UBUNTUSERVER\archive /tmp/Default \
> -o noserverino,user='someuser',pass='somepassword',uid='50',gid='7'
>
> That uid/gid pair belongs to the lp user on the client.
>
> Once the share is mounted, a process belonging to another user (lp in
> this case) writes data into the share.
>
> When I use Ubuntu 8.04 for the samba server, which ships with Samba
> 3.0.28, this works.
>
> On Ubuntu 10.04 which contains Samba 3.4.7, I am unable to write to the
> share as the lp user (though root - the original share-mounter - is
> able to).
>
> I'm struggling to find what might have changed (a security improvement?,
> an alteration of a default option?), and whether I can work around this
> change?

As a follow up to my first message, here is the samba log (level 3)
output from the Ubuntu 10.04 server when the lp owned process tries to
write data to the share:

[2010/07/16 17:07:45,  3] smbd/process.c:1273(switch_message)
  switch message SMBtrans2 (pid 4037) conn 0x7ffed1cb3730
[2010/07/16 17:07:45,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0
[2010/07/16 17:07:45,  3] smbd/trans2.c:3956(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 263
[2010/07/16 17:07:45,  3] smbd/vfs.c:865(check_reduced_name)
  reduce_name [statusprintout_Jul1610_170745.prn] [/var/spool/ShareArchive]
[2010/07/16 17:07:45,  3] smbd/vfs.c:974(check_reduced_name)
  reduce_name: statusprintout_Jul1610_170745.prn reduced to /var/spool/ShareArchive/statusprintout_Jul1610_170745.prn
[2010/07/16 17:07:45,  3] smbd/trans2.c:4050(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo: SMB_VFS_STAT of statusprintout_Jul1610_170745.prn failed (No such file or directory)
[2010/07/16 17:07:45,  3] smbd/error.c:153(reply_unix_error)
  unix_error_packet: error string = No such file or directory
[2010/07/16 17:07:45,  3] smbd/error.c:60(error_packet_set)
  error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND
[2010/07/16 17:07:45,  3] smbd/process.c:1459(process_smb)
  Transaction 328 of length 78 (0 toread)
[2010/07/16 17:07:45,  3] smbd/process.c:1273(switch_message)
  switch message SMBtrans2 (pid 4037) conn 0x7ffed1cb25f0
[2010/07/16 17:07:45,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0
[2010/07/16 17:07:45,  3] smbd/trans2.c:3956(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 263
[2010/07/16 17:07:45,  3] smbd/vfs.c:865(check_reduced_name)
  reduce_name [.] [/var/spool/ShareInput2]
[2010/07/16 17:07:45,  3] smbd/vfs.c:974(check_reduced_name)
  reduce_name: . reduced to /var/spool/ShareInput2
[2010/07/16 17:07:45,  3] smbd/trans2.c:4070(call_trans2qfilepathinfo)
  call_trans2qfilepathinfo . (fnum = -1) level=263 call=5 total_data=0
[2010/07/16 17:07:45,  3] smbd/process.c:1459(process_smb)

regards,

Seb James


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
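
An added example, not part of the original thread: a small parser for level 3 smbd log output like the excerpt above. It reports, per SMB request, the Unix uid/gid smbd switched to (the `sec ctx` pair), the share root and name it resolved, and any NT status returned, so these can be compared with the server-side directory permissions. The function names and dictionary keys are hypothetical, and the sample log is constructed from lines of the excerpt.

```python
import re

# Constructed sample, trimmed from the excerpt above; one message is
# deliberately wrapped across two lines to exercise line folding.
SAMPLE_LOG = """\
[2010/07/16 17:07:45,  3] smbd/process.c:1273(switch_message)
  switch message SMBtrans2 (pid 4037) conn 0x7ffed1cb3730
[2010/07/16 17:07:45,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0
[2010/07/16 17:07:45,  3] smbd/vfs.c:865(check_reduced_name)
  reduce_name [statusprintout_Jul1610_170745.prn] [/var/spool/ShareArchive]
[2010/07/16 17:07:45,  3] smbd/error.c:60(error_packet_set)
  error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2)
NT_STATUS_OBJECT_NAME_NOT_FOUND
[2010/07/16 17:07:45,  3] smbd/process.c:1273(switch_message)
  switch message SMBtrans2 (pid 4037) conn 0x7ffed1cb25f0
[2010/07/16 17:07:45,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0
[2010/07/16 17:07:45,  3] smbd/vfs.c:865(check_reduced_name)
  reduce_name [.] [/var/spool/ShareInput2]
"""

# A header line "[timestamp, level] file:line(function)" and everything after
# it up to the next header (or end of text) form one log entry.
ENTRY = re.compile(r"^\[[^\]]+\]\s+\S+:\d+\((\w+)\)\n(.*?)(?=^\[\d{4}/|\Z)",
                   re.M | re.S)
SWITCH = re.compile(r"switch message (\S+) \(pid \d+\) conn (0x[0-9a-f]+)")
SEC_CTX = re.compile(r"setting sec ctx \((\d+), (\d+)\)")
REDUCE = re.compile(r"reduce_name \[(.*?)\] \[(.*?)\]")
STATUS = re.compile(r"NT_STATUS_\w+")

def log_entries(text):
    """Yield (function, message); wrapped lines are folded into the message."""
    for m in ENTRY.finditer(text):
        yield m[1], " ".join(m[2].split())

def smb_requests(text):
    """One dict per SMB request: server-side identity, path and status."""
    out = []
    for func, msg in log_entries(text):
        if func == "switch_message" and (m := SWITCH.search(msg)):
            out.append({"cmd": m[1], "conn": m[2], "status": None})
        elif out and func == "set_sec_ctx" and (m := SEC_CTX.search(msg)):
            out[-1]["uid"], out[-1]["gid"] = int(m[1]), int(m[2])
        elif out and func == "check_reduced_name" and (m := REDUCE.search(msg)):
            out[-1]["name"], out[-1]["share_root"] = m[1], m[2]
        elif out and func == "error_packet_set" and (m := STATUS.search(msg)):
            out[-1]["status"] = m[0]
    return out
```

On the sample, both requests run as uid 1000 / gid 1000 on the server, while the mount command in the first message passes uid='50',gid='7' on the client.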



Re: [Samba] smb mount as root, access as non-root. Changed behaviour between samba 3.0.x and 3.4.x?

2010-07-16 Thread Seb James
On Fri, 2010-07-16 at 20:21 +0100, Seb James wrote:
> On Fri, 2010-07-16 at 17:02 +0100, Seb James wrote:
> > Hi List,
> >
> > I have an appliance (the client) which mounts a CIFS share from a
> > Samba server - the Samba server usually runs on an Ubuntu system.
> >
> > Within the client, the root user executes a mount command like this:
> >
> > mount.cifs \\UBUNTUSERVER\archive /tmp/Default \
> > -o noserverino,user='someuser',pass='somepassword',uid='50',gid='7'
> >
> > That uid/gid pair belongs to the lp user on the client.
> >
> > Once the share is mounted, a process belonging to another user (lp in
> > this case) writes data into the share.
> >
> > When I use Ubuntu 8.04 for the samba server, which ships with Samba
> > 3.0.28, this works.
> >
> > On Ubuntu 10.04 which contains Samba 3.4.7, I am unable to write to the
> > share as the lp user (though root - the original share-mounter - is
> > able to).
> >
> > I'm struggling to find what might have changed (a security improvement?,
> > an alteration of a default option?), and whether I can work around this
> > change?
>
> As a follow up to my first message, here is the samba log (level 3)
> output from the Ubuntu 10.04 server when the lp owned process tries to
> write data to the share:
>
> [2010/07/16 17:07:45,  3] smbd/process.c:1273(switch_message)
>   switch message SMBtrans2 (pid 4037) conn 0x7ffed1cb3730
> [2010/07/16 17:07:45,  3] smbd/sec_ctx.c:310(set_sec_ctx)
>   setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0
> [2010/07/16 17:07:45,  3] smbd/trans2.c:3956(call_trans2qfilepathinfo)
>   call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 263
> [2010/07/16 17:07:45,  3] smbd/vfs.c:865(check_reduced_name)
>   reduce_name [statusprintout_Jul1610_170745.prn] [/var/spool/ShareArchive]
> [2010/07/16 17:07:45,  3] smbd/vfs.c:974(check_reduced_name)
>   reduce_name: statusprintout_Jul1610_170745.prn reduced to /var/spool/ShareArchive/statusprintout_Jul1610_170745.prn
> [2010/07/16 17:07:45,  3] smbd/trans2.c:4050(call_trans2qfilepathinfo)
>   call_trans2qfilepathinfo: SMB_VFS_STAT of statusprintout_Jul1610_170745.prn failed (No such file or directory)
> [2010/07/16 17:07:45,  3] smbd/error.c:153(reply_unix_error)
>   unix_error_packet: error string = No such file or directory
> [2010/07/16 17:07:45,  3] smbd/error.c:60(error_packet_set)
>   error packet at smbd/trans2.c(4051) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND
> [2010/07/16 17:07:45,  3] smbd/process.c:1459(process_smb)
>   Transaction 328 of length 78 (0 toread)
> [2010/07/16 17:07:45,  3] smbd/process.c:1273(switch_message)
>   switch message SMBtrans2 (pid 4037) conn 0x7ffed1cb25f0
> [2010/07/16 17:07:45,  3] smbd/sec_ctx.c:310(set_sec_ctx)
>   setting sec ctx (1000, 1000) - sec_ctx_stack_ndx = 0
> [2010/07/16 17:07:45,  3] smbd/trans2.c:3956(call_trans2qfilepathinfo)
>   call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 263
> [2010/07/16 17:07:45,  3] smbd/vfs.c:865(check_reduced_name)
>   reduce_name [.] [/var/spool/ShareInput2]
> [2010/07/16 17:07:45,  3] smbd/vfs.c:974(check_reduced_name)
>   reduce_name: . reduced to /var/spool/ShareInput2
> [2010/07/16 17:07:45,  3] smbd/trans2.c:4070(call_trans2qfilepathinfo)
>   call_trans2qfilepathinfo . (fnum = -1) level=263 call=5 total_data=0
> [2010/07/16 17:07:45,  3] smbd/process.c:1459(process_smb)

A further update. I just created a new Ubuntu8.04 virtual machine
install, set it up, and found that in fact, it too fails to allow the
lp user to write to the share which was created by the root user. I am
therefore now considering how my original Ubuntu 8.04 install/samba
setup is different from a default install.

Sorry if I wasted anyone's time.

Seb James

