[SOLVED] can't chown files in mounted directory?

[pastic]

Hi,
I should have graduated from permissions university by now, but this one I have never got my head around. I'd be happy if some kind soul could elucidate me.

I mount a directory from a share on my NAS at boot with this fstab entry: //10.0.0.50/hibou /home/peter/hibou cifs vers=2.1,user,uid=peter,gid=peter,username=peter,password=mypass 0 0.

1) If I need to change ownership of some files in the mounted directory (in order for things to work locally with other software), is my only option to log in to the NAS and change the permissions there? I can't find a way to do it locally.

2) Even though the owner/group columns locally in Nemo says 'peter' for files that on the NAS that are owned by 'hibou', 'peter' is not supposed to be able to do owner operations on those files?

Thanks!

[altair4]

Even though the owner/group columns locally in Nemo says 'peter' for files that on the NAS that are owned by 'hibou', 'peter' is not supposed to be able to do owner operations on those files?

No.

To the server you are the "peter" defined by your login credentials to the NAS ( username=peter,password=mypass ) and you have whatever read or write permissions the NAS dictates for that user on that shared folder.

To the client the way your mount is set up it will be have owner:group = local user "peter" with permissions of 755. Local user "peter" can read/write to the share but everyone else can only read.

mount.cifs is a virtual filesystem sorta kinda like the way Linux handles NTFS.

If say ... you wanted everyone to have write access on the local machine you would need to specify that in the mount. For example:

//10.0.0.50/hibou /home/peter/hibou cifs vers=2.1,user,uid=peter,gid=peter,username=peter,password=mypass,dir_mode=0777,file_mode=0777,nounix 0 0

[pastic]

Hi and thanks!
But what if the permissions on the NAS for everyone is read only, can I override that with local mount options to allow everyone to write? Can anyone pull this off or is it dependent on the NAS counterpart of my local user to have ownership of those files/directories?

[altair4]

Nope.

The samba share definition is the gatekeeper to the share. If it is read only it is read only. It would be a major security issue if a client to the server was able to override the servers samba permissions settings.

If the share allows write but the Linux permissions of the folder being shared on the NAS does not then it's up to the NAS to correct it not the client.

That sort of thing may be possible with NFS ( No File Security ... um ... sorry ... Network File System ). That I cannot help you with. The last time I used NFS Eisenhower was still in Europe and I've forgotten how to do it.

[hcentaur13]

A NAS is a computer on its own. It owns its own users withg theyr own rights. You have toi register your user with its own name and rights on the nas to get ready for access to it for login over the network.

A file (and a directory is a fille too) knows of 3 groups of rights:
- owner
- same group
- anybody else

Users are devided int groups. An ownwe of a file is member of one e or more different groups If a user is member of the same group the file is assigned to it gets the rights of that group. If the file does not share the same group than the user it only the rights of anybody else. An owner can give the ownership away - but oinly the owner (and root) can give ownership away. That is why malware has limited chances it can do something.

When you shows ls -l then you sees 3 groups of rights. Wheras the rights are
r = right to read
w = right to write/modify
x = right to let the file interpreted by CPU or command processor like bash or java

for
lethand grop = owner
middle group = same group
right hand = anybody else

A NAS is a kind of network server with implicit login to the filr you will access. The server requires you to be a user like your local PC.

[pastic]

If the share allows write but the Linux permissions of the folder being shared on the NAS does not then it's up to the NAS to correct it not the client.

But in that case (which appears reasonable to me), I fail to see the purpose of adding dir_mode=0777,file_mode=0777,nounix to fstab? Would it not suffice just changing to permissions on the NAS? Do I need local mount options to explicitly mirror the remote permissions? I have a hard time understanding how local and remote permissions interact.

[altair4]

I have a hard time understanding how local and remote permissions interact.

They don't.

When you mounted the NAS you passed the user name peter with a password for peter set on the NAS. From that moment on everything you do will be as peter - on the NAS and not peter - on the client.

If you did not specify the uid / gid of peter in the mount the share would have mounted with root as owner / group and permissions of 755 - on the client. Root can read and write but everyone else can only read. When you added the uid / gid of peter in the mount you replaced root with you.

When I first read your post I thought the issue was that you needed others besides peter - on the client - to have write access which is why I added the 777 dir and file modes. But to the NAS even with the 777 modes on the client the only person accessing the share is peter - on the NAS.

The second issue is the Linux ( and I'm assuming the NAS is running Linux or something Linux-ish) permissions of the shared folder on the NAS. It's permissions have to match or be greater than the authority granted in the samba share.

So if I set permissions on my Public folder to 777 but create a samba share that stipulates read only access the client will only get read access since samba is the gatekeeper as it's permissions are less the than the Linux permissions.

Conversely if I set my Public folder to 755 but create a samba share that allows guest write access no one will get write access because Linux itself becomes the gatekeeper since it's permissions are less than the samba permissions. Samba never overrules Linux.

[pastic]

Thank you for taking the time to write such an elaborate answer! It is all coming together now.