[Samba] mount.cifs permissions for non-root user via sudo

steve steve at steve-ss.com
Mon Mar 24 11:43:30 MDT 2014


On Mon, 2014-03-24 at 17:24 +0000, Lazarevich, Alexander wrote:
> I'm not sure this is the proper forum to post to, but I hope someone can point me in the right direction if not have the answers. We have a RedHat Enterprise 5 AS machine, fully patched, with the most recent samba RPMs installed. The machine is joined to Active Directory via a 3rd party program called Centrify. An AD user, when logged into this system, is given permission to run /bin/mount via sudo, in order to mount that user's Windows share from a Windows fileserver (2008R2). The exact mount command is:
> 
> sudo mount -t cifs //servername/share/user1 /home/user1/network-mount -o domain=domname,username=user1
> 
> After the user provides their AD password, the share is mounted:
> 
> [user1 at linux1PC]$ df -h
> Filesystem            Size  Used Avail Use% Mounted on
> /dev/sda2              20G  7.3G   12G  40% /
> /dev/sda1              99M   25M   70M  26% /boot
> tmpfs                1006M     0 1006M   0% /dev/shm
> //servername/share/user1 6.0T  5.0T  1.1T  83% /home/user1/network-mount
> 
> As you can see, the mount worked fine. However, the permissions are very odd. All files/folders are owned by root:
> 
> [user1 at linux1PC]$ ls -l
> total 547949
> -rwxrwSrwx 1 root root  70207240 Jul 30  2012 5.5.4.0-TIV-TSMBAC-WinX32.exe
> -rwxrwSrwx 1 root root 157970712 Jun  5  2013 6.2.3.0-TIV-TSMBAC-WinX32.exe
> -rwxrwSrwx 1 root root 158327144 Jun  5  2013 6.2.5.0-TIV-TSMBAC-WinX32.exe
> -rwxrwSrwx 1 root root 174554976 Jun  5  2013 6.3.1.0-TIV-TSMBAC-WinX32.exe
> ...
> ...
> 
> After some testing, it seems as though the mount command is purposefully mounting the share as root, with 777 perms, so the user can have proper access. The user1 is able to read/write all files as needed. And other users on the system have no access to the share (which is odd because the perms are 777).
> 
> I'm hoping someone else in the world has solved this problem: Is this the proper way to mount non-root user Windows shares via command line? Is there another/better way to mount Windows shares from the command line for non-root users? Or are we doing it the correct way and somehow the system is monitoring the mounted share and translating permissions from unix to CIFS on the fly? The ACLs on the Windows server are correct for all created files/folders from that user. We have to know these permissions are correct and stable before we put this mount procedure into production in our labs.
> 
> Any ideas?
> 
> Thanks!
> 
> Alex
Hi
Over cifs, the -rwxrwSrwx part of the listing doesn't bear any
resemblance to the actual ACLs.
HTH
Steve
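
Added example, not part of the original thread: when a Windows server supplies no Unix ownership information, the owner and mode that `ls -l` shows on a CIFS mount are filled in on the client from the documented mount.cifs options `uid=`, `gid=`, `file_mode=` and `dir_mode=` (uid and gid default to 0, i.e. root). The function below reports those settings for each CIFS mount; the sample mount table, the `user2` entry and its IDs are constructed for illustration.

```shell
#!/bin/sh
# Report the client-side ownership/mode settings of CIFS mounts.
# Input uses the /proc/mounts layout: device mountpoint fstype options dump pass

# Constructed sample mount table (not taken from a real system).
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext3 rw 0 0
//servername/share/user1 /home/user1/network-mount cifs rw,username=user1,domain=domname,uid=0,gid=0,file_mode=0755,dir_mode=0755 0 0
//servername/share/user2 /home/user2/network-mount cifs rw,username=user2,domain=domname,uid=1001,gid=1001,file_mode=0600,dir_mode=0700 0 0
EOF
}

# $1: file in /proc/mounts format ("-" for stdin, default: the live table)
cifs_mount_report() {
    awk '
    $3 == "cifs" {
        # mount.cifs defaults: files appear owned by uid 0 / gid 0
        uid = "0"; gid = "0"; fmode = "default"; dmode = "default"
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            split(opt[i], kv, "=")
            if (kv[1] == "uid") uid = kv[2]
            else if (kv[1] == "gid") gid = kv[2]
            else if (kv[1] == "file_mode") fmode = kv[2]
            else if (kv[1] == "dir_mode") dmode = kv[2]
        }
        printf "%s uid=%s gid=%s file_mode=%s dir_mode=%s\n", $2, uid, gid, fmode, dmode
    }' "${1:-/proc/mounts}"
}

# Demo on the constructed table: one line per CIFS mount.
sample_mounts | cifs_mount_report -
```

The values reported here describe only how the client presents the files; access on the server is still decided by the Windows ACLs for the account given in `username=`.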



