4

I am trying to set permissions on a Samba share mounted with vers=3.0, but it does not work (with vers=2.1 or vers=2.0 also issue is present).

As per SMB3-Linux cifsacl option is needed for setting the permission bits, but if that option is used the folder does not mount:

# mount -t cifs //server.lan/aaditya /home/roaming/SERVER/aaditya -o 'username=aaditya,domain=server.lan,password=mypass,cifsacl,vers=3.0,nobrl,mfsymlinks,sfu,uid=1274545246,gid=1274544641'

mount error(95): Operation not supported Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

Is there something that I am missing?

It works with vers=1.0 which has unix extensions but trying to avoid it as SMB 2.0+ seems to have much better performance and design (here and here).

Client details:

# mount.cifs -V
mount.cifs version: 6.4

# uname -srm
Linux 4.10.0-38-lowlatency x86_64

# lsb_release -ird
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.3 LTS
Release:    16.04

Server details:

$ uname -srm
Linux 4.4.0-97-generic x86_64

$ lsb_release -ird
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.3 LTS
Release:    16.04

$ samba --version
Version 4.6.7-Ubuntu
myrdd
  • 419
  • 2
  • 4
  • 15
abchk1234
  • 355
  • 1
  • 6
  • 13
  • I dont know why **mount.cifs** fails with _cifsacl_; tried it on another system running Slackware where it worked. However, it _fails_ to solve the main issue, ie, enabling unix permissions on a SMB 2.0 share. Anyhow I discovered _why_ all the files were being shown as executable in the share: its due to mapping some windows file permissions as described in https://unix.stackexchange.com/questions/103415/why-are-files-in-a-smbfs-mounted-share-created-with-executable-bit-set. Even if `file_mode=0644` is explicitly added, the files become non executbable with no way of setting them otherwise. – abchk1234 Nov 11 '17 at 19:06

1 Answers1

4

Samba does not yet support UNIX extensions for SMB v2.0+. It is being worked on. [lists.samba.org, 10/2017]

They say that when UNIX extensions will be finalized, the Samba implementation is ”not going to allow clients to create ’real‘ symlinks on the server - only SMB-followable symlinks. Allowing clients to create real server symlinks as in SMB1 UNIX extensions has been a long-term security disaster.“ [same thread]

myrdd
  • 419
  • 2
  • 4
  • 15
  • 2
    Holy moly. In hours of reading samba docs, trying to figure out why file permissions were not appearing correctly on the client side, I didn't find any mention of unix extensions being restricted to SMB1. Thank you. – ʇsәɹoɈ Oct 31 '19 at 00:16