Mounting samba share issues

Ask Fedora
1

Hello all.

I have my samba server on one system.
And I want to mount directory share define on it in another system.

And I have some issues.

> mount -t cifs //192.168.8.5/project /mnt/test/ -o username=tomek,nosuid,uid=tomek,gid=tomek

This program is not installed setuid root -  "user" CIFS mounts not supported.

The solution on net is to

> chmod u+s /sbin/mount.cifs 

chmod: changing permissions of '/sbin/mount.cifs': Read-only file system

but I am on Fedors Silverblue so along with immutable OS postulate I can not change permisions under /usr/sbin/.

I can mount it as a root, but this is not what I want - I want to be able to mount it as regular user.
What can I do ?

On my samba server I have

> ls -la /opt/project/


total 16                                                                                                  
dr-xrwx---. 3 project  project_developer 4096 Sep 15 11:55 .
drwxr-xr-x. 4 project  project_developer 4096 Sep  5 19:57 ..
-r--rw----. 1 project  project_developer    0 Sep 15 11:55 1
-r--rw----. 1 project  project_developer    0 Sep 15 11:55 .2
dr-xrwx---. 3 project  project_developer 4096 Sep  5 12:50 A
-r-xrwx---. 1 project  project_developer   23 Sep 12 20:27 x
-r--rw----. 1 project  project_developer    0 Sep 12 20:33 y

but after mounting it, every file has x permission:

> sudo mount -t cifs //192.168.8.5/project /mnt/test/ -o username=tomek,nosuid,uid=tomek,gid=tomek

> ls -la /mnt/test/

total 8
drwxr-xr-x  2 tomek tomek    0 Sep 15 11:55 .
drwxr-xr-x. 4 root  root  4096 Sep 12 19:39 ..
-rwxr-xr-x. 1 tomek tomek    0 Sep 15 11:55 1
-rwxr-xr-x. 1 tomek tomek    0 Sep 15 11:55 .2
drwxr-xr-x  2 tomek tomek    0 Sep  5 12:50 A
-rwxr-xr-x  1 tomek tomek   23 Sep 12 20:27 x
-rwxr-xr-x. 1 tomek tomek    0 Sep 12 20:33 y

I want to preserve permissions from server.

In my smb.conf I have:

smb3 unix extensions = yes
# and even added
smb1 unix extensions = yes

(smb3 unix extensions are not well explained here: smb.conf in contrast to smb1 unix extensions), but as you see it does not work.

Also this is my share config:

> cat usershares.conf

[project]
    comment = Project
    path = /opt/project
    read only = yes
    browsable = yes
    guest ok = no
    valid users = tomek
    force user = project

and also:

semanage fcontext --list | grep project
/opt/project(/.*)?                                   all files          system_u:object_r:samba_share_t:s0 
/var/opt/project(/.*)?                               all files          system_u:object_r:samba_share_t:s0

Anyone, please advice, help.

2

You could add a sudoers rule. See man sudoers

It looks like smb3 unix extensions may do what you want.
I found these docs https://wiki.samba.org/index.php/UNIX_Extensions
Also see the note about CIFS being deprecated.

FYI: For my Fedora to Fedora shares I use NFS. I only use Samba shares for mounting from macOS and Windows.

3

I excluded NFS because it does not allow for “user login, password control” of who can access my share.
I excluded also other options like FTP, WebDav, … because I need my share to be mountable on AIX also, but on AIX only NFS or SAMBA can be mounted.
So only option I have is SAMBA.

Adding sudoers rule - maybe that is the way - I also though about it.

If cifs is deprecated then I should mount it like that ?

> mount -t smb3 //192.168.8.5/project /mnt/test/ -o username=tomek,nosuid,uid=tomek,gid=tomek

This smb3 unix extensions = Yes seams not to work:

>testparam 

[global]
        logging = systemd
        printcap name = cups
        security = USER
        workgroup = SAMBA
        idmap config * : backend = tdb
        cups options = raw
        include = /etc/samba/usershares.conf
        smb3 unix extensions = Yes


[project]
        comment = Project
        force user = project
        path = /opt/project
        valid users = tomek

...
4

First time I found this out was when I was researching your issue.

Yep if you are in a hostile environment then you would want better security.
For my home lab it’s not an issue.

5

I also found to use that options for mount,
but it also does not work.

sudo mount -t smb3 //192.168.8.5/seant /mnt/test/ -o username=tomek,uid=tomek,gid=tomek,noperm,noserverino

noperm: Disables client-side permission checks, allowing the server to enforce permissions.
noserverino: Uses client-generated inode numbers (optional, for compatibility with some filesystems).

6

I found it :slight_smile:

In Samba documentation for smb1 unix extensions

This boolean parameter controls whether Samba implements the SMB1/CIFS UNIX extensions, as defined by HP. These extensions enable Samba to better serve UNIX SMB1/CIFS clients by supporting features such as symbolic links, hard links, etc… These extensions require a similarly enabled client, and are of no current use to Windows clients.

These extensions require a similarly enabled client

  • so I started to look how to configure client like that.

Following link provided by Barry, https://wiki.samba.org/index.php/UNIX_Extensions

I found https://wiki.samba.org/index.php/SMB3-Linux
where I found it:

sudo mount -t smb3 //192.168.8.5/seant /mnt/test/ -o username=tomek,uid=tomek,gid=tomek,noperm,posix

and this posix option does the job :slight_smile:

But I made experiment and instead of posix option I put unix option:

sudo mount -t smb3 //192.168.8.5/seant /mnt/test/ -o username=tomek,uid=tomek,gid=tomek,noperm,unix

and it also works.
Why I tried with unix ?

Because samba also has smb3 unix extensions option and in link provided by Barry it is written about:

so I just associated it somehow like that - maybe it was just a luck ?

But maybe I should use both posix,unix options ?

They also write about nomapposix and mfsymlinks options

sudo mount -t smb3 //192.168.8.5/seant /mnt/test/ -o username=tomek,uid=tomek,gid=tomek,noperm,posixnomapposix,mfsymlinks

but I still need to figure out what they stands for.

7

From man mount.smb3

posix|unix|linux
(default) Enable Unix Extensions for this mount. Requires CIFS (vers=1.0) or SMB3.1.1 (vers=3.1.1) and a server supporting them.

  • So that are synonyms for Samba mounts.

From net:

The mfsymlinks mount option in Linux is specific to the CIFS (SMB) filesystem — typically used when mounting Windows network shares using the mount.cifs command.

It enables support for Minshall+French symlinks (MFS symlinks), an older method to emulate Unix-style symbolic links on servers that don’t natively support them (e.g., Windows shares via SMB2/SMB3).

The mfsymlinks option allows Windows symlinks (reparse points or .LNK files) to be interpreted as symbolic links on the Linux side.

  • So simply explained.

From man mount.smb3

mapchars
Translate six of the seven reserved characters (not backslash, but including the colon, question mark, pipe, asterik, greater than and less than characters) to the remap range (above 0xF000), which
also allows the CIFS client to recognize files created with such characters by Windows’s Services for Mac. This can also be useful when mounting to most versions of Samba (which also forbids creat‐
ing and opening files whose names contain any of these seven characters). This has no effect if the server does not support Unicode on the wire. Please note that the files created with mapchars
mount option may not be accessible if the share is mounted without that option.

nomapchars
(default) Do not translate any of these seven characters.

mapposix
Translate reserved characters similarly to mapchars but use the mapping from Microsoft “Services For Unix”.

  • What it means in simple words ???