[Samba] Cannnot create chroot on a cifs-mounted linux homedir -- missing dev/exec
webman at manfbraun.de
Tue Jan 10 09:34:09 UTC 2023
Hello!
Thanks.
Let me clarify some things.
The idea to revert to "vers=1.0" came from the
kernel developers, who show that for booting a kernel from
Samba.
Tools like GTK, which claim some permission issues,
never tell which these could be, and using "vers=1.0" resolved
that problem - it's Samba.
---
>E: Cannot install into target '/home/ncu9/work/chr' mounted with noexec or nodev
That may have something to do with whatever filesystem you are using,
but it has nothing to do with Samba.<
---
No. On the server side this works OK; it happens only on the Samba share and,
like I wrote, because of the missing EXEC+DEV options, which debootstrap
explicitly says - this is the reason for my post.
Sorry for my short smb.conf - I used only the share settings.
Here the complete file.
---
[global]
bind interfaces only = Yes
client min protocol = NT1
interfaces = eno1 192.168.0.1
log file = /var/log/samba/log.%m
logging = file
map to guest = Bad User
max log size = 1000
name resolve order = bcast
obey pam restrictions = Yes
pam password change = Yes
panic action = /usr/share/samba/panic-action %d
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
passwd program = /usr/bin/passwd %u
server min protocol = NT1
server role = standalone server
smb ports = 445
unix password sync = Yes
usershare allow guests = Yes
workgroup = MBG
idmap config * : backend = tdb
create mask = 0777
directory mask = 0777
force create mode = 0666
force directory mode = 0777
inherit acls = Yes
inherit owner = windows and unix
inherit permissions = Yes
vfs objects = readahead streams_xattr acl_xattr
[homes]
browseable = No
comment = Home Directories
create mask = 0700
directory mask = 0700
include = /etc/samba/share.smb0
valid users = %S
[kvmabc-homes--ncu2]
comment = kvmabc home ncu
force user = mbu
include = /etc/samba/share.mt
locking = No
path = /pools/users/homes/kvmabc--ncu2
read only = No
root postexec = /ops/services/smb-mount-notify postexec %S c:%M ip:%I r:%P
root preexec = /ops/services/smb-mount-notify preexec %S c:%M ip:%I r:%P
valid users = root mbu-smb1 @users
write list = root mbu-smb1 @users
---
Thanks so far,
Manfred
----- Original Message -----
From: Rowland Penny via samba [mailto:samba at lists.samba.org]
To: <samba at lists.samba.org>
Cc: rpenny at samba.org
Sent: Tue, 10 Jan 2023 08:56:31 +0000
Subject: Re: [Samba] Cannnot create chroot on a cifs-mounted linux homedir -- missing dev/exec
On 10/01/2023 07:37, Manfred Braun via samba wrote:
>
> Hallo!
>
> I try to use a cifs/samba share (hosted on debian, samba 4.17) as
> a homedir for a user in a vm (kvm) running debian with X (with xfce4).
> In the beginning, I was not able to save settings, although
> permissions look right (can read/write/modify) and the GTK-Warning
> (which claims missing permissions, not telling, which) went away.
>
> I found the biggest crux: degrade the connection
> to use "vers=1.0", which solves the first problem,
> solved the GtK-WARNINGs and saved setting.

You are going to have to find a way around that, eventually SMBv1 is
going to go away.

>
> There is a remaining problem: Cannot create a chroot
> on this filesystem using debootstrap.
>
> What I see is, that there are no "dev" and
> "exec" mount properties, but on this profile (the users
> home) chroot's should be created and if one issues
> debootstrap there is an error message (using root):
> ---
> $ debootstrap --arch amd64 chimaera chr/ http://deb.devuan.org/merged
> mknod: /home/ncu9/work/chr/test-dev-null: Permission denied
> E: Cannot install into target '/home/ncu9/work/chr' mounted with noexec or nodev

That may have something to do with whatever filesystem you are using,
but it has nothing to do with Samba.

> ---
> Indeed, the mount options reflect this, requested are:
>
> //192.168.26.1/kvmabc-homes--ncu2 /home/ncu9 cifs mfsymlinks,rw,exec,dev,suid,user_xattr,vers=1.0,username=mbu1-smb1,password=918273,iocharset=utf8,uid=2009,gid=2009,dir_mode=0755,file_mode=0755 0 0
>
> The resulting mount options are:
>
> vers=1.0,addr=192.168.26.1,gid=2009,uid=2009,acl,username=mbu1-smb1,relatime\
> soft,rw,mfsymlinks,cache=strict,unix,actimeo=1,wsize=65536,rsize=1048576\
> forcegid,forceuid,mapposix,posixpaths,echo_interval=60,bsize=1048576
>
> To note is, I tried this on debian and devuan and even with gid=100.
>
> MISSING: DEV, EXEC.
>
> How can this be solved?
Absolutely no idea, but someone else might.
>
> smb.conf:
>
> [kvmabc-homes--ncu2]
> path = /pools/users/homes/kvmabc--ncu2
> browsable = yes
> read only = no
> locking = no
> create mask = 0777
> directory mask = 0777
> force directory mode = 0777
>
> root preexec = /ops/services/smb-mount-notify preexec %S c:%M ip:%I r:%P
> root postexec = /ops/services/smb-mount-notify postexec %S c:%M ip:%I r:%P
>
> force user = abc
> force group = abc
>
> inherit acls = yes
> inherit permissions = yes
> inherit owner = yes
>
> guest ok = no
>
> valid users = root,mbu-smb1
> write list = root,mbu-smb1

No, that isn't your entire smb.conf, if it is, then you have major
problems, there is no '[global]' section. If you are going to post a
smb.conf file, then post the entire smb.conf file, you can easily obtain
this with 'testparm -s'.

Rowland
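
An added example, not part of the thread: it compares the requested fstab options with the resulting option string quoted above. Linux prints nodev, noexec and nosuid only when they are set and never prints dev, exec or suid, so the audit treats those three separately. The password value is replaced with a placeholder and RESTRICTED is a constructed variant.

```python
# Added example. The kernel prints these three flags only in negated form:
# a mount that permits device nodes, execution and setuid lists none of them.
NEGATED_ONLY = {"dev": "nodev", "exec": "noexec", "suid": "nosuid"}
SECRET = {"password", "pass"}  # never echo credentials in a report

# Requested options from the fstab line in the post (password replaced).
REQUESTED = ("mfsymlinks,rw,exec,dev,suid,user_xattr,vers=1.0,"
             "username=mbu1-smb1,password=REDACTED,iocharset=utf8,"
             "uid=2009,gid=2009,dir_mode=0755,file_mode=0755")
# Resulting options as posted, with the line continuations joined.
EFFECTIVE = ("vers=1.0,addr=192.168.26.1,gid=2009,uid=2009,acl,"
             "username=mbu1-smb1,relatime,soft,rw,mfsymlinks,cache=strict,"
             "unix,actimeo=1,wsize=65536,rsize=1048576,forcegid,forceuid,"
             "mapposix,posixpaths,echo_interval=60,bsize=1048576")
# Constructed variant: the same mount with the restrictive flags set.
RESTRICTED = EFFECTIVE + ",nodev,noexec"


def parse_opts(text):
    """Turn 'a,b=1,c' into {'a': None, 'b': '1', 'c': None}."""
    opts = {}
    for item in filter(None, (p.strip() for p in text.split(","))):
        name, sep, value = item.partition("=")
        opts[name] = value if sep else None
    return opts


def audit(requested, effective):
    """Classify each requested option against the effective option string."""
    req, eff = parse_opts(requested), parse_opts(effective)
    report = {}
    for name, value in req.items():
        if name in SECRET:
            continue
        if name in NEGATED_ONLY:
            # "allowed" means only that no restricting mount flag is listed.
            blocked = NEGATED_ONLY[name] in eff
            report[name] = "blocked by " + NEGATED_ONLY[name] if blocked else "allowed"
        elif name not in eff:
            report[name] = "not listed"
        elif eff[name] != value:
            report[name] = "changed to %s" % eff[name]
        else:
            report[name] = "as requested"
    return report


if __name__ == "__main__":
    for label, listing in (("posted", EFFECTIVE), ("restricted", RESTRICTED)):
        print(label, audit(REQUESTED, listing))
```

On a live system the effective string for a mount point can be read from /proc/mounts or with `findmnt -no OPTIONS` and passed to `audit` in place of EFFECTIVE.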