file permissions with SMB and Linux

Discussion about using NAS on Linux and Unix OS.
Chaos Monster
Starting out
Posts: 12
Joined: Tue Sep 01, 2020 6:02 pm

file permissions with SMB and Linux

Post by Chaos Monster »

Hi,


I am trying to mount a Shared Folder from my QNAP TS230 via Samba on my Linux in a way that will preserve file permissions.
I am focused on two scenarios:
- files rsync-ed to the QNAP's share (that, after I ssh and ls -l, have permissions as expected) will be seen with the same permissions after mounting the share via Samba
- chmod operations on files mounted through Samba will be respected

I found out that if one sets /etc/config/smb.conf to

```
unix extensions = yes
```

it has no effect as QNAP will reset those on samba restart. Hence mounting with the unix option won't work.

I am experimenting with cifsacl now. I think I wasted at least a couple of evenings and cannot really get it to work the way I want.

I am mounting my share with

```
$ sudo mount -t cifs -o credentials=/etc/smb-credentials,uid=1000,gid=1000,intr,hard,cifsacl //doctor-chaos.local/admin-land/ /mnt
```

and the effective options are

```
$ mount -t cifs
//doctor-chaos.local/admin-land/ on /mnt type cifs (rw,relatime,vers=3.1.1,cache=strict,username=rskolasinski,domain=WORKGROUP,uid=1000,forceuid,gid=1000,forcegid,addr=192.168.1.230,file_mode=0755,dir_mode=0755,hard,nounix,serverino,mapposix,cifsacl,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=60,actimeo=1)
```

What I observe now is that:
- most of the modes I set with chmod after ssh-ing to the QNAP I see right through Samba; the exception is the x bit: if it is set for others on the QNAP, via Samba I see it set for all of user, group and others
- when I chmod files mounted via Samba I always get the r bit for user no matter what I set, and on the QNAP it always gets set to rwx for group.


Config notes:
QNAP UI: Shared Folders -> Advanced Permissions -> Enable Advanced Folder Permissions (enabled); Windows ACL disabled.
QNAP smb.conf: set inherit permissions = no for admin-land share




I have the feeling it must be something connected with ACLs but I cannot figure out what to set. I tried to remove all ACL settings using `setfacl -b /share/admin-land/` but with no effect.
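
An added example, not part of the original post: a small Python probe for the second scenario above. It chmods a scratch file inside a directory (for instance the CIFS mount point) to a constructed set of test modes, stats it back, and names the bits that changed; `explain()` can also compare a mode read over ssh with the one seen on the mount. Function names and the test-mode list are assumptions of this example.

```python
import os
import stat
import tempfile

# Constructed test set: every single bit, plus a few common combinations.
TEST_MODES = [0o400, 0o200, 0o100, 0o040, 0o020, 0o010,
              0o004, 0o002, 0o001, 0o644, 0o750, 0o600]

CLASSES = (("user", 6), ("group", 3), ("other", 0))
BITS = (("r", 4), ("w", 2), ("x", 1))


def explain(requested, observed):
    """List the permission bits that differ, e.g. ['user +r']."""
    changes = []
    for cls, shift in CLASSES:
        want = (requested >> shift) & 7
        got = (observed >> shift) & 7
        for name, bit in BITS:
            if (want & bit) != (got & bit):
                sign = "+" if got & bit else "-"
                changes.append(f"{cls} {sign}{name}")
    return changes


def roundtrip(directory, modes=TEST_MODES):
    """chmod a scratch file to each mode and stat it back.

    Returns {requested_mode: [differences]} for modes that did not survive.
    """
    failures = {}
    fd, path = tempfile.mkstemp(dir=directory, prefix="modeprobe-")
    os.close(fd)
    try:
        for mode in modes:
            os.chmod(path, mode)
            observed = stat.S_IMODE(os.stat(path).st_mode)
            if observed != mode:
                failures[mode] = explain(mode, observed)
    finally:
        os.remove(path)
    return failures


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else tempfile.gettempdir()
    for mode, diff in roundtrip(target).items():
        print(f"{mode:04o}: {', '.join(diff)}")
```

Run it once against the mount point and once against a local directory; a local filesystem should report nothing, so every line printed for the mount is a bit the client or server rewrote.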

Re: file permissions with SMB and Linux

Post by Chaos Monster »

Am I doomed on my quest? I don't want to use NFS as I don't like that it does not even ask for a password before mounting a share, and Kerberos seems like a real PITA to set up... I know I could allow connections only from a local network, but in the age of IoT devices everything is on the network with devil knows what security holes...
torch1
Know my way around
Posts: 137
Joined: Thu Jul 04, 2019 4:53 am

Re: file permissions with SMB and Linux

Post by torch1 »


Re: file permissions with SMB and Linux

Post by Chaos Monster »

I did check it, yes, but it didn't really help my issue. The information there was more about either default permissions for new files/folders or giving permissions to users/groups. Nothing that would explain the discrepancy I am observing.

Though the subject is quite confusing and I may be missing something...
OneCD
Guru
Posts: 12010
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: file permissions with SMB and Linux

Post by OneCD »

Chaos Monster wrote: Thu Dec 17, 2020 10:01 pm
I found out that if one set /etc/config/smb.conf to

```
unix extensions = yes
```

it has no effect as QNAP will reset those on samba restart. Hence mounting with unix option won't work.

viewtopic.php?p=673524#p673524


Re: file permissions with SMB and Linux

Post by Chaos Monster »

Thanks, is this actually confirmed to work?
CarbonPepper
Getting the hang of things
Posts: 66
Joined: Tue Nov 10, 2015 6:56 pm

Re: file permissions with SMB and Linux

Post by CarbonPepper »

Chaos Monster wrote: Thu Dec 17, 2020 10:03 pm
I don't want to use NFS as I don't like it does not even ask for password before mounting a share and kerberos seems like real PITA to set up

You don't need Kerberos. That's for running a server. I.e. the server is already on the QNAP.

You need to unlearn Windows thinking. Then NFS is easy and a better security model.
Imagine a building. CIFS uses the principle of locking the front door and putting a keycard lock on it. But once you're in, security on the contents is weak.

NFS treats the building as if every single document and folder is individually padlocked. It doesn't matter who can get on the share if they have absolutely no permission to look at anything on it. This has worked for decades, including 95% of all the world's internet servers. Have faith. It works, it's superior.

Also the function of groups is far better than anything CIFS can do.

The one downside is if you use wifi and your connection is not 100% reliable. That's because NFS treats shares as though they are part of your OS, and when a share is unavailable your desktop can lock up, but there are ways around that.

If your distro doesn't come with NFS (client) preconfigured:

```
sudo apt update
sudo apt install nfs-common
```

Align the UID and GIDs to have the same numbers on QNAP and your client machine.
Create the mount points in the client, e.g. in /media.
Make nfs entries in /etc/fstab:

```
x.x.x.x:/MyQNAPsharename/ /media/MyQNAPsharename nfs tcp,hard,nfsvers=4,noatime,intr 0 0
```

Where x.x.x.x is the IP address of your QNAP. You can use hostnames, but a static IP for your QNAP involves less maintenance.
You can play with the options, but the above works well for ethernet. If you use WiFi post back.

```
sudo mount -a
```

Done.
"If QNAP made airbags, they’d test new versions using your face."
------------------------------------------------------------------------------__
TVS-471 with 4x WD Red 3Tb. Used for business. Stability valued over features.
Mix of clients: Ubuntu Linux, Mac OS, Windows 10.
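
An added example, not part of the post above, for the "align the UID and GIDs" step: NFS without Kerberos authorizes by the numeric IDs the client sends, so a mismatch changes who owns what on the share. The sketch compares `getent passwd`-style output from both machines; the account data and function names are constructed for illustration.

```python
# Constructed sample data in passwd(5) format; replace with real
# `getent passwd` output from the client and from the NAS.
CLIENT_SAMPLE = """
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
"""
NAS_SAMPLE = """
admin:x:0:0:administrator:/share/homes/admin:/bin/sh
alice:x:1001:100::/share/homes/alice:/bin/sh
bob:x:1002:100::/share/homes/bob:/bin/sh
"""


def parse_passwd(text):
    """Parse passwd(5)-format lines into {name: (uid, gid)}."""
    accounts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4:
            continue  # skip malformed lines
        accounts[fields[0]] = (int(fields[2]), int(fields[3]))
    return accounts


def compare_ids(client_text, nas_text, min_uid=1000):
    """Report accounts whose IDs differ and UIDs that map to another name."""
    client = parse_passwd(client_text)
    nas = parse_passwd(nas_text)
    # Same login name on both sides, different numeric uid or gid.
    mismatched = sorted(n for n in client.keys() & nas.keys()
                        if client[n] != nas[n])
    # Client uid that belongs to a different account on the NAS: that
    # client user would be treated as the NAS account's owner.
    nas_by_uid = {uid: name for name, (uid, _) in nas.items()}
    collisions = sorted(
        (name, nas_by_uid[uid]) for name, (uid, _) in client.items()
        if uid >= min_uid and uid in nas_by_uid and nas_by_uid[uid] != name)
    return {"mismatched": mismatched, "collisions": collisions}


if __name__ == "__main__":
    print(compare_ids(CLIENT_SAMPLE, NAS_SAMPLE))
```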