[Samba] Linux Mint 21.3 client AD joined OK but no usb working

Rowland Penny rpenny at samba.org
Thu Mar 28 18:53:25 UTC 2024


On Thu, 28 Mar 2024 19:04:44 +0100
Kees van Vloten via samba <samba at lists.samba.org> wrote:

> 
> On 28-03-2024 18:53, Rowland Penny via samba wrote:
> > On Thu, 28 Mar 2024 11:33:16 +0000
> > Rowland Penny via samba <samba at lists.samba.org> wrote:
> >
> >> On Wed, 27 Mar 2024 18:13:16 +0000
> >> Rowland Penny via samba <samba at lists.samba.org> wrote:
> >>> Now thinking about apparmor, could this be stopping writing to the
> >>> drive ?
> >>>
> >> No, I removed apparmor and rebooted, no different.
> >>
> >> Tried to format the drive, but it seems to have gone read only, so
> >> used another drive and formatted that.
> >>
> >> When I insert the USB drive, it gets mounted on
> >> /media/rowland/usbdrive1
> >>
> >> Checking the permissions on the path, shows this:
> >>
> >> rowland@devstation:~$ ls -ld /media/
> >> drwxr-xr-x 4 root root 4096 Mar 27 17:15 /media/
> >>
> >> Anyone can traverse /media
> >>
> >> rowland@devstation:~$ ls -ld /media/rowland/
> >> drwxr-x---+ 3 root root 4096 Mar 28 09:36 /media/rowland/
> >>
> >> There is an EA, so check that:
> >>
> >> rowland@devstation:~$ getfacl /media/rowland/
> >> getfacl: Removing leading '/' from absolute path names
> >> # file: media/rowland/
> >> # owner: root
> >> # group: root
> >> user::rwx
> >> user:rowland:r-x
> >> group::---
> >> mask::r-x
> >> other::---
> >>
> >> Only 'root', members of the 'root' group and 'rowland' can traverse
> >> /media/rowland
> >>
> >> rowland@devstation:~$ ls -ld /media/rowland/usbdrive1/
> >> drwxr-xr-x 3 root root 4096 Mar 28 09:32 /media/rowland/usbdrive1/
> >>
> >> So 'rowland' can traverse to the 'usbdrive1' directory, but only
> >> 'root' can write to it.
> >>
> >> WHY ??????????
> >>
> >> It mounts the drive in a directory named after the user, it allows
> >> the user to get to the drive, but then denies the user the ability
> >> to write to the drive.
> >>
> >> Off to find out just what 'mounts' the drive and how.
> >>
> >> Rowland
> >>
> > It seems that it is udev and udisks2 that automatically mount the
> > USB drive after it is plugged into a USB port.
> > The problem is, as I stated earlier, whilst it is mounted under a
> > directory with the user's name, it is mounted rwx for root and r-x
> > for the user (others), which, if you think about it, is probably
> > correct for a removable drive. Whilst the user may have one ID on a
> > computer, they may have another ID on a different computer.
> > The only cure I can find is to change the owner of the USB drive's
> > directory, e.g. chown rowland /media/rowland/usbdrive1
> >
> > Rowland
> 
> I did not read the whole thread back, so perhaps this is long
> obvious...
> 
> If the user is a domain-user and the same id-mapping is used
> everywhere, it should get the same UID/GID everywhere...

Well yes, but udev & udisks2 are written from the point of view of a
Linux computer where a user or group may not get the same IDs on
different computers.

I found this:

https://wiki.archlinux.org/title/Udev#Allowing_regular_users_to_use_devices

Which seems to say that you can make it work for user writing, but it
sounds like it works on a device by device basis.

I haven't given up on this yet, there must be a way for domain users to
write to a USB drive without manual intervention.

Rowland
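
As an added illustration (not part of the original message, and not Samba, udev or udisks2 code), this Python sketch applies the POSIX ACL check order to the three directories listed in the thread, showing why 'rowland' can reach the mount point but cannot write to it. The function names, and the ACL text built from the `ls -ld` modes, are assumptions made for the example.

```python
# Added example: POSIX ACL access check for the directories shown in the thread.
# root's ability to bypass these checks is not modelled.

def parse_acl(text):
    """Parse getfacl-style text into owner, group and (tag, qualifier, perms) entries."""
    acl = {"owner": None, "group": None, "entries": []}
    for line in text.strip().splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            acl["owner"] = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            acl["group"] = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            tag, qualifier, perms = line.split("#")[0].strip().split(":")
            acl["entries"].append((tag, qualifier, set(perms) - {"-"}))
    return acl

def allowed(acl, user, groups, want):
    """True if `user` (a member of `groups`) is granted every permission in `want`."""
    want, entries = set(want), acl["entries"]
    mask = next((p for t, _, p in entries if t == "mask"), None)

    def masked(perms):  # named-user and group entries are limited by the mask
        return perms if mask is None else perms & mask

    def entry(tag, qualifier=""):
        return next((p for t, q, p in entries if t == tag and q == qualifier), None)

    if user == acl["owner"]:
        return want <= entry("user")  # the owner entry is never masked
    if entry("user", user) is not None:
        return want <= masked(entry("user", user))
    hits = [p for t, q, p in entries if t == "group" and (q or acl["group"]) in groups]
    if hits:
        return any(want <= masked(p) for p in hits)
    return want <= entry("other")

# Constructed from the `ls -ld` output in the thread (drwxr-xr-x root root).
MODE_755_ROOT = "# owner: root\n# group: root\nuser::rwx\ngroup::r-x\nother::r-x"
# The getfacl output for /media/rowland/ quoted in the thread.
ROWLAND_DIR = ("# owner: root\n# group: root\nuser::rwx\nuser:rowland:r-x\n"
               "group::---\nmask::r-x\nother::---")

def can_write_drive(user, groups, drive_acl=MODE_755_ROOT):
    """Needs x on /media and /media/rowland, then w and x on the mount point."""
    parents = [parse_acl(MODE_755_ROOT), parse_acl(ROWLAND_DIR)]
    return (all(allowed(a, user, groups, "x") for a in parents)
            and allowed(parse_acl(drive_acl), user, groups, "wx"))
```

Passing an ACL whose owner line reads `# owner: rowland` as `drive_acl` models the `chown` from the thread and makes `can_write_drive("rowland", {"rowland"}, ...)` return True.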
