[Samba] Why my dir is not available ?

Pierre Couderc pierre at couderc.eu
Tue Mar 15 07:49:06 UTC 2016 


On 03/14/2016 10:05 AM, Rowland penny wrote:
> On 13/03/16 18:59, Pierre Couderc wrote:
>>
>>
>> On 03/13/2016 10:36 AM, Rowland penny wrote:
>>> On 12/03/16 21:58, Pierre Couderc wrote:
>>>>
>>>>
>>>> On 03/12/2016 08:24 PM, Rowland penny wrote:
>>>>> On 12/03/16 18:28, Pierre Couderc wrote:
>>>>>>
>>>>>> On 03/12/2016 06:45 PM, Rowland penny wrote:
>>>>>>> On 12/03/16 17:37, Pierre Couderc wrote:
>>>>>>>> I have a samba server with a "var" share.
>>>>>>>>
>>>>>>>> I have 2 client computers  which mount this share each one with
>>>>>>>> each (identical) /etc/fstab: :
>>>>>>>>
>>>>>>>> //192.168.163.1/var    /mnt/var        cifs
>>>>>>>> _netdev,username=xxxx,password=yyyy
>>>>>>>>
>>>>>>>> On a first client, I try to ls :
>>>>>>>>
>>>>>>>> ls /mnt/var/www
>>>>>>>>
>>>>>>>> and I get well the contents of www
>>>>>>>>
>>>>>>>> On the second client, I get :
>>>>>>>> ls: cannot open directory /mnt/var/www: Permission denied
>>>>>>>>
>>>>>>>> How it is possible ? where to look for ?
>>>>>>>>
>>>>>>>> please note that, on the 2 clients, if I ls  :
>>>>>>>>
>>>>>>>> ls /mnt/var gives me correct results !!
>>>>>>>>
>>>>>>>>
>>>>>>>> Thank you for any help.
>>>>>>>>
>>>>>>>> PC
>>>>>>>>
>>>>>>>
>>>>>>> Hi, can you post a bit more info, how are you running Samba ?
>>>>>>> Can you post the smb.conf files from the two machines ?
>>>>>>>
>>>>>>> Rowland
>>>>>>>
>>>>>>>
>>>>>> Thank you.
>>>>>> Yes, I can. And I will if it is useful.
>>>>>
>>>>> Yes
>>>>>
>>>>>> But will it help you to help me ?
>>>>>
>>>>> Possibly
>>>>>
>>>>>>
>>>>>> I suppose have a correct samba configuration, as it works with
>>>>>> many customer computers (since years...).
>>>>>> Ma question 1 : Is it possible that I am wrong on this point ?
>>>>>
>>>>> Well, until we see the smb.conf, we will not know.
>>>> Thank you, please see below.
>>>>>
>>>>>>
>>>>>> My question 2 :  what can make a difference between these 2
>>>>>> clients ?
>>>>>> There is a small difference : the "good" customer is Ubuntu, and
>>>>>> the "bad" one is debian...
>>>>>
>>>>> There shouldn't, in principal, be any difference.
>>>>>
>>>>>>
>>>>>> Please note that I cannot send the 2 smb.conf because I have only
>>>>>> one ! It is on the server.
>>>>>> There are no smb.conf on the clients.
>>>>>
>>>>> Hang on, what are you running on the Unix clients, where do they
>>>>> auth to ?
>>>> Mmm, I run standard cifs client, mounted in /etc/fstab as described
>>>> above, and without any smb.conf.
>>>> Something like
>>>> https://wiki.samba.org/index.php/Mounting_samba_shares_from_a_unix_client
>>>>
>>>> ------------------------------------------
>>>> Server smb.conf, I have removed a few more share, but all global
>>>> parameters are here :
>>>>
>>>> [global]
>>>>
>>>>    workgroup = TOL
>>>>
>>>>    server string = %h server (Samba, Ubuntu)
>>>>    wins support = yes
>>>>   dns proxy = no
>>>>    interfaces = 127.0.0.0/8 eth0
>>>>    log file = /var/log/samba/log.%m
>>>>    max log size = 1000
>>>>    syslog = 0
>>>>    panic action = /usr/share/samba/panic-action %d
>>>>    security = user
>>>>    encrypt passwords = true
>>>>    passdb backend = tdbsam
>>>>    obey pam restrictions = yes
>>>>    unix password sync = yes
>>>>    passwd program = /usr/bin/passwd %u
>>>>    passwd chat = *Enter\snew\s*\spassword:* %n\n
>>>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>>>>    pam password change = yes
>>>>    map to guest = bad user
>>>>    guest account = nous
>>>>    usershare allow guests = yes
>>>>
>>>> #======================= Share Definitions =======================
>>>>
>>>> [printers]
>>>> ....
>>>>
>>>> [print$]
>>>> ....
>>>>
>>>> [var]
>>>>     comment = var(V:)
>>>>     writable = yes
>>>>     public = yes
>>>>     path = /var/
>>>>     valid users = xxxx
>>>>
>>>>
>>>>
>>>>
>>>
>>> OK, it appears that you are running a workgroup called 'TOL'. This
>>> means that all your users and groups need to exist on all machines
>>> and all passwords need to be in sync.
>>>
>>> Have you checked that user 'xxxx' has the same password on all
>>> machines ?
>>> Does the share actually get mounted on the machine you are denied
>>> access to ?
>>> If it does get mounted, who actually owns the mounted share ?
>> Thank you very much.
>> Please note that that not only the shares are mounted but they work,
>> as explained in my first mail.
>> if on ALL my systems I :
>>
>> ls /mnt/var
>> It works.
>>
>> The problem is with :
>> ls /mnt/var/www
>>
>>
>> Thank you again.
>> PC
>
> So what you are saying is that you can mount ls /var from the server
> on any machine, but, on a particular machine, you cannot enter a dir
> under /var as a user that you think should be able to.
Yes, exactly !
>
> Do all client machines use the same version of cifs-mount ?
> is 'acl' & 'attr' installed on all client machines ?
Sorry, I do not know how to do, but  samba is installed by standard 
debian jessie package (the "bad" computer) , and by standard ubuntu 
14.04 LTS package (the "good" computer).
> if you run 'getfacl /mnt/var/www' on both machines, do you get the
> same results ?
Yes, I get the same result :

nous at pcouderc:~$ getfacl /mnt/var/www
getfacl: Removing leading '/' from absolute path names
# file: mnt/var/www
# owner: root
# group: www-data
user::rwx
group::rwx
other::---

nous at pcouderc:~$ ls /mnt/var/www (on the "bad" computer)
ls: cannot open directory /mnt/var/www: Permission denied

and the user is member of www-data group :

nous at tolsupport:~$ cat /etc/group | grep www-data
www-data:x:33:nous,postgres

(("nous" is the "true" name of the user in /etc/fstab, instead of XXXX))


Thank you very much for your precious help.

PC

More information about the samba mailing list