Samba: cannout mount cifs as user (it forces uid=0,gid=0)

d.ALT · 2021-12-03 12:46:02

Windows client is fine.
KDE's Dolphin mounts also fine, giving me proper permissions.

Manual mounting: no matter what I do, it will always mount as root (uid=0,gid=0).

$ sudo mount -t cifs //myserverip/sharedsmbfolder /mnt/smbsharename -o workgroup=MYWORKGROUP,credentials=/etc/samba/credentials/share

WIKI: Warning: Using uid and/or gid as mount options may cause I/O errors, it is recommended to set/check correct File permissions and attributes instead. <<<This is exactly what I'm trying to do here!! But for some reason I CANNOT!!

$ mount
//myserverip/sharedsmbfolder on /mnt/smbsharename type cifs (rw,relatime,vers=3.1.1,cache=strict,username=myusername,domain=MYWORKGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=myserverip,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=60,actimeo=1)

$ sudo cat /etc/samba/credentials/share
username=myusername
password=mypassword

$ sudo ls -l /etc/samba/credentials/share
-rw------- 1 root root 35 24 nov 21.43 /etc/samba/credentials/share

myusername and mypassword are both the same in: server (unix user and smbpasswd) and client (unix user).

The actual filesystem on the server (/dev/sdxn /mnt/folder ext4 rw) has files and folders correctly owned by myusername:myusernamegroup (1000:1000).

The mountpath (/mnt/smbshare) on the client is correctly owned by myusername:myusernamegroup (1000:1000).

CLIENT
root:root /mnt
myusername:myusernamegroup /mnt/smbsharename

Here's SERVER's smb.conf:

[global]
        deadtime = 30
        disable spoolss = Yes
        load printers = No
        log file = /var/log/samba/%m.log
        map to guest = Bad User
        max log size = 256
        name resolve order = host lmhosts wins bcast
        netbios name = MYSERVERNAME
        os level = 254
        preferred master = Yes
        printcap name = /dev/null
        security = USER
        server min protocol = SMB2
        server role = standalone server
        server string = Arch SMB Server
        show add printer wizard = No
        wins support = Yes
        workgroup = MYWORKGROUP
        idmap config * : backend = tdb
        printing = bsd
        use sendfile = Yes

[sharedsmbfolder]
        comment = sharedsmbfolder
        force group = myusernamegroup
        force user = myusername
        path = /mnt/folder
        read only = No
        valid users = myusername @myusernamegroup

Damn, when these issues happen it really drives my very very mad!

seth · 2021-12-03 13:30:53

https://man.archlinux.org/man/extra/cifs-utils/mount.cifs.8.en wrote:

uid=arg
sets the uid that will own all files or directories on the mounted filesystem when the server does not provide ownership information. It may be specified as either a username or a numeric uid. When not specified, the default is uid 0. The mount.cifs helper must be at version 1.10 or higher to support specifying the uid in non-numeric form. See the section on FILE AND DIRECTORY OWNERSHIP AND PERMISSIONS below for more information.
forceuid
instructs the client to ignore any uid provided by the server for files and directories and to always assign the owner to be the value of the uid= option. See the section on FILE AND DIRECTORY OWNERSHIP AND PERMISSIONS below for more information.
…
gid=arg
sets the gid that will own all files or directories on the mounted filesystem when the server does not provide ownership information. It may be specified as either a groupname or a numeric gid. When not specified, the default is gid 0. The mount.cifs helper must be at version 1.10 or higher to support specifying the gid in non-numeric form. See the section on FILE AND DIRECTORY OWNERSHIP AND PERMISSIONS below for more information.
forcegid
instructs the client to ignore any gid provided by the server for files and directories and to always assign the owner to be the value of the gid= option. See the section on FILE AND DIRECTORY OWNERSHIP AND PERMISSIONS below for more information.

Sanity check: what makes you believe the share is mounted as root?

d.ALT · 2021-12-03 18:45:51

seth wrote:

Sanity check: what makes you believe the share is mounted as root?

Because I cannot perform any write operations on files and folders: output of $ ls -l /mnt/smbsharename/ shows root:root when manual mounting.

But I can in Windows and also via KDE's Dolphin with kio-fuse:

$ mount
kio-fuse on /run/user/1000/kio-fuse-zLbqHI type fuse.kio-fuse (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000)


$ ls -l /run/user/1000/kio-fuse-zLbqHI/smb/myserverip/sharedsmbfolder/
### all files and folders are correctly owned myusername:myusernamegroup, as expected ###

Also, please have a look at $ mount output I posted in my 1st message.
Also, WIKI suggests NOT to declare uid= neither gid=.

seth · 2021-12-03 19:28:31

Also, please read the posted manpage segment - uid/gid 0 is the default and will result in the ids provided by the share (iff so)
kio explicitly requests a uid/gid - might even be more akin to the force*id cifs mount options.

Try to pass uid/gid and see whether that has meaningful impact. If so, the share doesn't successfully set them - though the server config looks lilke it does.
Did you only recently add the "force user" options and did you reconfigure/restart the server since?

Last edited by seth (2021-12-03 19:28:51)

d.ALT · 2021-12-03 19:54:40

seth wrote:

Also, please read the posted manpage segment - uid/gid 0 is the default and will result in the ids provided by the share (iff so)

Yup, I red it, but why in the world my server server does not provide that damn ownership information?? Meh... I'm feeling su dumb...

seth wrote:

Try to pass uid/gid and see whether that has meaningful impact. If so, the share doesn't successfully set them - though the server config looks lilke it does.

I'll try as soon as I can; I'll let you know.

seth wrote:

Did you only recently add the "force user" options and did you reconfigure/restart the server since?

"Force user" had always been there since the very first time I configured smb.conf just after finishing the installation of ArchLinux onto my server machine.

seth · 2021-12-03 21:48:37

Because

…55,soft,nounix,server…

The default is supposed to be "unix" - no idea why it isn't, but try passing

… -o unix,workgroup=MYWORKGROUP,credentials…

d.ALT · 2021-12-04 15:49:50

d.ALT wrote:

seth wrote:
Try to pass uid/gid and see whether that has meaningful impact. If so, the share doesn't successfully set them - though the server config looks lilke it does.
I'll try as soon as I can; I'll let you know.

That worked. I wonder why WIKI's warning discourage manually declaring uid= and gid= explicitly...

seth wrote:

The default is supposed to be "unix" - no idea why it isn't, but try passing

I cannot:

[  148.309926] FS-Cache: Loaded
[  148.313590] Key type dns_resolver registered
[  148.382489] FS-Cache: Netfs 'cifs' registered for caching
[  148.390089] Key type cifs.spnego registered
[  148.390103] Key type cifs.idmap registered
[  148.391203] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  148.391210] CIFS: Attempting to mount \\myserverip\sharedsmbfolder
[  215.031153] CIFS: Attempting to mount \\myserverip\sharedsmbfolder
[  215.051216] CIFS: VFS: Server does not support mounting with posix SMB3.11 extensions
[  215.051766] CIFS: VFS: cifs_mount failed w/return code = -95

seth · 2021-12-04 16:13:15

[ 215.051216] CIFS: VFS: Server does not support mounting with posix SMB3.11 extensions

There's your answer - w/o them the server can't tell the client which user to use and w/ that you get the user that performs the mount - the root - unless you specify the UID/GID

So the next question is: what's the server, why does it not supply

https://man.archlinux.org/man/extra/samba/smb.conf.5.en wrote:

unix extensions (G)
This boolean parameter controls whether Samba implements the CIFS UNIX extensions, as defined by HP. These extensions enable Samba to better serve UNIX CIFS clients by supporting features such as symbolic links, hard links, etc... These extensions require a similarly enabled client, and are of no current use to Windows clients.
Note if this parameter is turned on, the wide links parameter will automatically be disabled.
See the parameter allow insecure wide links if you wish to change this coupling between the two parameters.
Default: unix extensions = yes

and can you do anything about that?

Edit:
https://wiki.archlinux.org/title/Talk:S … _mounting?
https://wiki.archlinux.org/index.php?ti … did=251554

Last edited by seth (2021-12-04 16:22:38)

d.ALT · 2021-12-04 16:51:22

seth wrote:

[ 215.051216] CIFS: VFS: Server does not support mounting with posix SMB3.11 extensions
There's your answer - w/o them the server can't tell the client which user to use and w/ that you get the user that performs the mount - the root - unless you specify the UID/GID
So the next question is: what's the server, why does it not supply
https://man.archlinux.org/man/extra/samba/smb.conf.5.en wrote:
unix extensions (G)
This boolean parameter controls whether Samba implements the CIFS UNIX extensions, as defined by HP. These extensions enable Samba to better serve UNIX CIFS clients by supporting features such as symbolic links, hard links, etc... These extensions require a similarly enabled client, and are of no current use to Windows clients.
Note if this parameter is turned on, the wide links parameter will automatically be disabled.
See the parameter allow insecure wide links if you wish to change this coupling between the two parameters.
Default: unix extensions = yes
and can you do anything about that?

What can / should I do? Explicitly declaring unix extensions = yes and restarted the server: manual # mount command keeps (auto)using nounix...
SERVER packages:

core/linux-lts 5.10.83-1 
community/r8168-lts
extra/samba 4.15.2-3
extra/cifs-utils

CIFS: VFS: Server does not support mounting with posix SMB3.11 extensions

Let me try installing and re-booting into standard core/linux 5.15.6.arch2-1.

seth wrote:

Edit:
https://wiki.archlinux.org/title/Talk:S … _mounting?
https://wiki.archlinux.org/index.php?ti … did=251554

Woha! TALK pages are also worth having a look at 'em, I learned something new about Arch!

Edit: with core/linux 5.15.6.arch2-1 the -o ...,nounix,... problem still here

Last edited by d.ALT (2021-12-04 17:11:30)

Arch Linux

#1 2021-12-03 12:46:02

Samba: cannout mount cifs as user (it forces uid=0,gid=0)

#2 2021-12-03 13:30:53

Re: Samba: cannout mount cifs as user (it forces uid=0,gid=0)

#3 2021-12-03 18:45:51

Re: Samba: cannout mount cifs as user (it forces uid=0,gid=0)

#4 2021-12-03 19:28:31

Re: Samba: cannout mount cifs as user (it forces uid=0,gid=0)

#5 2021-12-03 19:54:40

Re: Samba: cannout mount cifs as user (it forces uid=0,gid=0)

#6 2021-12-03 21:48:37

Re: Samba: cannout mount cifs as user (it forces uid=0,gid=0)

#7 2021-12-04 15:49:50

Re: Samba: cannout mount cifs as user (it forces uid=0,gid=0)

#8 2021-12-04 16:13:15

Re: Samba: cannout mount cifs as user (it forces uid=0,gid=0)

#9 2021-12-04 16:51:22

Re: Samba: cannout mount cifs as user (it forces uid=0,gid=0)

Board footer