[Samba] setuids mount option broke
dereks at realloc.net
Sat May 29 14:09:17 MDT 2010
> /Does it work if you change 'setuids' to 'suid'?/
No. Using "suid", the behavior is identical as "setuids".
I was hoping to use either Samba over SSH, or else sshfs (Fuse), for
mounting these remote home dirs using SSH. But Samba's "setuids" option
is broke, and sshfs doesn't even have that option. Thus, I was forced
to set up an OpenVPN server and mount the homes with NFS over OpenVPN.
NFS sucks, and I hope the setuids option comes back.
Getting offtopic, but for the archives: I had to use the NFS mount
options "soft,udp,retrans=0" so that I could log in if the VPN went
down. With those options, there's only a ~4 second delay before the NFS
gives up with an error. If you leave set it to "tcp", your SSH shell
will lock up for 5 minutes (when you log in and it tries to read
~/.bashrc), another 5 minutes if you accidentally type "ls", and another
5 minutes if you hit [TAB] and it tries to do command-line completion
for you. You can tweak your TCP timeouts, but do you really want to
tweak TCP settings just to make NFS fail in a reasonable fashion (and
thus possibly break everything else)? And if you leave it at the
default "hard" instead of "soft", the system will lock up indefinitely
when you log in (trying to read ~/.bashrc).
I love OpenVPN, but installing, configuring, generating certs,
copying certs to the client, testing, setting up monitoring, etc. was a
couple hours of work, compared to 5 minutes setting up an SSH tunnel
with my pre-existing key... and yet, OpenVPN was still less work than
trying to tunnel NFS over SSH (thanks to dynamic RPC ports, lockd, etc.).
On 05/29/2010 05:11 AM, Scott Lovenberg wrote:
> On Fri, May 28, 2010 at 4:12 PM, Derek Simkowiak <dereks at realloc.net
> <mailto:dereks at realloc.net>> wrote:
> I can mount it using these options in /etc/fstab... note the use
> of "setuids" here:
> //cst6/testhome /testhome cifs
> iocharset=utf8,credentials=/root/cst6_password.txt,setuids 0 0
> Does it work if you change 'setuids' to 'suid'?
> Is there anything else I can try? Looking at this earlier post,
> it seems like maybe "setuids" is not even a supported option
> The client code has been moved out of the samba package recently. In
> the current release of the client (the client is now released
> separately from the samba suite, but the two aren't in sync yet) the
> setuid functionality is deprecated (but can still be enabled at
> compile time). At the moment the option is being called 'legacy'; I
> don't know if the functionality is being dropped or
> upgraded/redesigned, though.
> Peace and Blessings,
More information about the samba