[Samba] Cannnot create chroot on a cifs-mounted linux homedir -- missing dev/exec

Tue Jan 10 08:56:31 UTC 2023

On 10/01/2023 07:37, Manfred Braun via samba wrote:
> 
> Hallo!
> 
> I try to use a cifs/samba share (hosted on debian, samba 4.17) as
> a homedir for a user in a vm (kvm) runnig debian with X (with xfce4).
> In the beginning, I was not able to save settings, although
> permissions look right (can read/write/modify) and the GTK-Warning
> (which claims missing permissons, not telling, which) went away.
> 
> I found the biggest crux: degrade the connection
> to use "vers=1.0", which solves the first problem,
> solved the GtK-WARNINGs and saved setting.

You are going to have to find a way around that, eventually SMBv1 is 
going to go away.

> 
> There is a remaining problem: Cannot create a chroot
> on this filesystem using debootstrap.
> 
> What I see is, that there are no "dev" and
> "exec" mount properties, but on this profile (the users
> home) chroot's should be created and if one issues
> debootstrap there is an error message (using root):
> ---
> $ debootstrap --arch amd64 chimaera chr/ http://deb.devuan.org/merged
> mknod: /home/ncu9/work/chr/test-dev-null: Permission denied
> E: Cannot install into target '/home/ncu9/work/chr' mounted with noexec or nodev

That may have something to do with whatever filesystem you are using, 
but it has nothing to do with Samba.

> ---
> Indeed, the mount options reflect this, requested are:
> 
> //192.168.26.1/kvmabc-homes--ncu2  /home/ncu9  cifs mfsymlinks,rw,exec,dev,suid,user_xattr,vers=1.0,username=mbu1-smb1,password=918273,iocharset=utf8,uid=2009,gid=2009,dir_mode=0755,file_mode=0755  0 0
> 
> The resulting mount option are:
> 
> vers=1.0,addr=192.168.26.1,gid=2009,uid=2009,acl,username=mbu1-smb1,relatime\
> soft,rw,mfsymlinks,cache=strict,unix,actimeo=1,wsize=65536,rsize=1048576\
> forcegid,forceuid,mapposix,posixpaths,echo_interval=60,bsize=1048576
>   
> To note is, I tried this on debian and devuan and even with gid=100.
> 
> MISSING: DEV, EXEC.
> 
> How can this be solved?

Absolutely no idea, but someone else might.

> 
> smb.conf:
> 
> [kvmabc-homes--ncu2]
>          path = /pools/users/homes/kvmabc--ncu2
>          browsable = yes
>          read only = no
>          locking = no
>          create mask = 0777
>          directory mask = 0777
>          force directory mode = 0777
> 
>          root preexec = /ops/services/smb-mount-notify preexec %S c:%M ip:%I r:%P
>          root postexec = /ops/services/smb-mount-notify postexec %S c:%M ip:%I r:%P
> 
>          force user = abc
>          force group = abc
> 
>          inherit acls = yes
>          inherit permissions = yes
>          inherit owner = yes
> 
>          guest ok = no
> 
>          valid users = root,mbu-smb1
>          write list  = root,mbu-smb1

No, that isn't your entire smb.conf, if is, then you have major 
problems, there is no '[global]' section. If you are going to post a 
smb.conf file, then post the entire smb.conf file, you can easily obtain 
this with 'testparm -s'.

Rowland