[Samba] Cannot create chroot on a cifs-mounted linux homedir -- missing dev/exec

Rowland Penny rpenny at samba.org
Tue Jan 10 10:58:40 UTC 2023



On 10/01/2023 09:34, webman at manfbraun.de wrote:
> Hello!
> Thanks.
> Let me clarify some things.
> That I came onto the idea to revert to "vers=1.0" stems from the
> kernel developers, which show that for booting a kernel from
> samba.

Why are you booting a kernel from Samba? It is a file sharing program.

> Tools like GTK, which claims some permission issues,
> never tell, which these could be and using "vers=1.0" resolved
> that problem - it's samba.

No, it's Gnome, they still haven't (seemingly) woken up to just how 
insecure SMBv1 is.
If you want to boot using a kernel stored on a Samba share, then I 
suggest that you talk to Gnome and get them to fix their problem, 
preferably using SMBv2 or later.

> ---
>>E: Cannot install into target '/home/ncu9/work/chr' mounted with noexec or nodev

mount and mount.cifs have nothing to do with Samba.

> 
> That may have something to do with whatever filesystem you are using,
> but it has nothing to do with Samba.<
> ---
> No. On serverside this works ok, it happens only on the samba share and,
> like I wrote: Because of missing EXEC+DEV options which debootstrap
> explicitly says - this is the reason of my post.

It might work correctly when run directly, but it still has (in my 
opinion) nothing to do with Samba, Samba just provides access to files 
stored on a share, what happens to them after that is down to whatever 
tries to connect to the share. I repeat, it isn't Samba that 'mounts' 
the share.

> Sorry for my short smb.conf - I used only the share settings.
> Here the complete file.
> ---
> [global]
>      bind interfaces only = Yes
>      client min protocol = NT1
>      interfaces = eno1 192.168.0.1
>      log file = /var/log/samba/log.%m
>      logging = file
>      map to guest = Bad User
>      max log size = 1000
>      name resolve order = bcast
>      obey pam restrictions = Yes
>      pam password change = Yes
>      panic action = /usr/share/samba/panic-action %d
>      passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>      passwd program = /usr/bin/passwd %u
>      server min protocol = NT1
>      server role = standalone server
>      smb ports = 445
>      unix password sync = Yes
>      usershare allow guests = Yes
>      workgroup = MBG
>      idmap config * : backend = tdb
>      create mask = 0777
>      directory mask = 0777
>      force create mode = 0666
>      force directory mode = 0777
>      inherit acls = Yes
>      inherit owner = windows and unix
>      inherit permissions = Yes
>      vfs objects = readahead streams_xattr acl_xattr

Not sure that is going to work as is. Fairly sure streams_xattr isn't 
stackable, try moving it to the end.

> 
> 
> [homes]
>      browseable = No
>      comment = Home Directories
>      create mask = 0700
>      directory mask = 0700
>      include = /etc/samba/share.smb0
>      valid users = %S
> 
> 
> [kvmabc-homes--ncu2]
>      comment = kvmabc home ncu
>      force user = mbu
>      include = /etc/samba/share.mt
>      locking = No
>      path = /pools/users/homes/kvmabc--ncu2
>      read only = No
>      root postexec = /ops/services/smb-mount-notify postexec %S c:%M ip:%I r:%P
>      root preexec = /ops/services/smb-mount-notify preexec %S c:%M ip:%I r:%P
>      valid users = root mbu-smb1 @users
>      write list = root mbu-smb1 @users

Is the only reason to use SMBv1 that it 'seems' to be required to 'boot' 
the kernel? If so, then you need to go back to Gnome and point out that 
SMBv1 will be removed from Samba and this could be sooner than they 
think. One of the Devs wants to enable SMB3 Unix extensions, this has 
been declined at present. Once the SMB3 Unix extensions are enabled, 
then it will probably only be a short time before SMBv1 is removed, 
possibly totally deprecated (Note: these are just my thoughts) in 4.18.0 
and removed in 4.19.0. Gnome needs to understand this and fix their 
packages now.

Also, can you just stick to one email address and reply to posts, we are 
now into the second thread on the same subject.

Rowland
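
Added example, not part of the message above or of either poster's setup: a client-side check that reads a mount table in /proc/self/mounts format and reports whether the mount containing a debootstrap target carries noexec or nodev, and whether a cifs mount was negotiated as SMBv1. The function names, the server name and the sample mount lines are constructed for illustration; only the target path comes from the thread.

```sh
# Constructed sample in /proc/self/mounts format (server, shares and
# option strings are made up; the target path is the one in the thread).
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
//srv.example/homes /home/ncu9 cifs rw,nosuid,nodev,noexec,relatime,vers=1.0,cache=strict 0 0
//srv.example/build /srv/build cifs rw,relatime,vers=3.1.1,cache=strict 0 0
EOF
}

# Print "<fstype> <options>" of the mount that contains path $1.
# The mount table is read from stdin. Bodies use ( ) so variables stay local.
# Caveat: the kernel escapes spaces in mount points as \040; not handled here.
mount_for_path() (
    path=$1; best=""; best_len=-1
    while read -r dev mnt fstype opts rest; do
        # Match the path itself or any parent; the longest mount point wins.
        case "$path/" in
            "${mnt%/}/"*)
                if [ "${#mnt}" -gt "$best_len" ]; then
                    best_len=${#mnt}; best="$fstype $opts"
                fi ;;
        esac
    done
    [ -n "$best" ] || exit 1
    printf '%s\n' "$best"
)

# Exit 0 if $1 sits on a mount without noexec/nodev, 1 if either flag is
# set, 2 if no mount matches. Also warns when a cifs mount uses vers=1.0.
check_chroot_target() (
    info=$(mount_for_path "$1") || { echo "no mount found for $1"; exit 2; }
    fstype=${info%% *}; opts=${info#* }; status=0
    for flag in noexec nodev; do
        case ",$opts," in
            *",$flag,"*) echo "FAIL: $1 is mounted with $flag"; status=1 ;;
        esac
    done
    if [ "$fstype" = cifs ]; then
        case ",$opts," in
            *",vers=1.0,"*) echo "WARN: cifs mount uses SMBv1 (vers=1.0)" ;;
        esac
    fi
    exit "$status"
)

# Live use: check_chroot_target /home/ncu9/work/chr < /proc/self/mounts
```

The flags it reports are properties of the client's mount, which is why they show up in the client's mount table and not in smb.conf.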
