Hi,
I have 2 linux servers. One of them has a mount which I have mapped to a shared samba directory on the other server. Below will help you understand better.
smb.conf on Server1:
[global]
workgroup = WRKGRP
netbios name = smbserver
security = SHARE
load printers = No
default service = global
path = /home
available = No
guest account = nobody
encrypt passwords = yes
[share]
writeable = yes
path = /mnt/landingzone/CEMP
public = yes
available = yes
[velodrome]
writeable = yes
path = /mnt/landingzone/VELODROME
public = yes
available = yes
[sdvstaging]
writeable = yes
path = /mnt/landingzone/SDVSTAGING
force user = dbadmin
public = yes
available = yes
[landingzone]
writeable = yes
path =/mnt/landingzone
public = yes
available = yes
fstab on Server2
/dev/VolGroup00/LogVol00 / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
/dev/VolGroup00/LogVol01 swap swap defaults 0 0
//Server1/share /mnt/CEMP cifs username=dbadmin,password=#### 0 0
Below is the problem.
I get permissions denied problems on certain files when I try to access the shared directory from Server2.
On Server2:
jfverticavod01:/mnt/CEMP $ id
uid=501(dbadmin) gid=501(dbadmin) groups=501(dbadmin),504(verticadba),505(cemp) context=user_u:system_r:unconfined_t
jfverticavod01:/mnt/CEMP $ ls -lrt CEMP_VOD_ASSET_20110401.txt
-rw-r----- 1 cemp cemp 41680 Apr 2 11:00 CEMP_VOD_ASSET_20110401.txt
jfverticavod01:/mnt/CEMP $ more CEMP_VOD_SG_MAPPING_20110402.txt
CEMP_VOD_SG_MAPPING_20110402.txt: Permission denied
Can anyone help me with this? Why is id dbadmin being treated as "other user" when dbadmin is a part of the correct "cemp" group?
I don't see /mnt/CEMP being exported by samba AT ALL in your configfile but I'm assuming that's a typo of some sort.
Did this group get added to that user recently? You may need to restart samba for the new privileges to take effect.
Can you access them when logged in as that user, not through samba?
Hi,
The fstab on server2 has the below highlighted. So the /mnt/CEMP is mapped on fstab in Server2.
//Server1/share /mnt/CEMP cifs username=dbadmin,password=#### 0 0
Yes, when I am on Server1, I can access the file as dbadmin. I have restarted smb multiple times. The question is why am I not able to do so from Server2, as the same user?
THanks!
Maybe it's not the same user in the end -- check /etc/samba/smbusers to see if the username's mapped to something else
Hi,
On Server1 (which houses the data), below is the content of smbusers file. There is no smbusers file in Server2 (which is trying to access the data on Server1). Is there anything you see wrong?
[root@raplz-nb-a01 CEMP]# more /etc/samba/smbusers
# Unix_name = SMB_name1 SMB_name2 ...
root = administrator admin
nobody = guest pcguest smbguest
Thanks!
---------- Post updated 04-05-11 at 10:13 AM ---------- Previous update was 04-04-11 at 01:19 PM ----------
Any ideas to fix this? I even removed the guest account = nobody
from /etc/samba/smb.conf, and added dbadmin = dbadmin to /etc/samba/smbusers
Thanks.
That's not going to help.
Maybe you can enable more debugging in Samba to see why it's refusing?
OK. So, on Server2, I "cd"ed to /mnt/CEMP, Selected a file which has -rw-r----- as its permission. I tried to read it, and got the below error on smbd.log with NT_STATUS_ACCESS_DENIED errors.
[2011/04/06 08:25:20, 3] smbd/trans2.c:call_trans2qfilepathinfo(3365)
call_trans2qfilepathinfo CEMP_VOD_SG_MAPPING_20110404.txt (fnum = -1) level=512 call=5 total_data=0
[2011/04/06 08:25:20, 3] smbd/process.c:process_smb(1083)
Transaction 688 of length 164
[2011/04/06 08:25:20, 3] smbd/process.c:switch_message(932)
switch message SMBtrans2 (pid 9547) conn 0x2b013cc53450
[2011/04/06 08:25:20, 3] smbd/trans2.c:call_trans2setfilepathinfo(5846)
call_trans2setfilepathinfo(6) CEMP_VOD_SG_MAPPING_20110404.txt (fnum -1) info_level=521 totdata=18
[2011/04/06 08:25:20, 3] smbd/open.c:open_file(301)
Error opening file CEMP_VOD_SG_MAPPING_20110404.txt (NT_STATUS_ACCESS_DENIED) (local_flags=0) (flags=0)
[2011/04/06 08:25:20, 3] smbd/error.c:error_packet_set(106)
error packet at smbd/trans2.c(6108) cmd=50 (SMBtrans2) NT_STATUS_ACCESS_DENIED
What do you see when you ls -l it on server2? Since you're mounting it, and on a UNIX server, it may see the wrong permissions for some reason and refuse to even try to open it.
Hi,
THe servers are Linux - not Unix.
When I ls -l that file (which I get a permission denied when I try to access) from Server2, I get the below
Server2:/mnt/CEMP $ ls -l CEMP_VOD_SG_MAPPING_20110404.txt
-rw-r----- 1 cemp cemp 3185100 Apr 5 11:00 File_20110404.txt
I check my ID as below. As you can see, the dbadmin user is a part of "cemp" group - which means I should be able to access it.
Server2:/mnt/CEMP $ id
uid=501(dbadmin) gid=501(dbadmin) groups=501(dbadmin),504(verticadba),505(cemp) context=user_u:system_r:unconfined_t
But...
Server2:/mnt/CEMP $ more CEMP_VOD_SG_MAPPING_20110404.txt
CEMP_VOD_SG_MAPPING_20110404.txt: Permission denied
Any help with this? This is an unexpected behavior. I checked if selinux would be causing this issue - but selinux is disabled on this server.
Any ideas would be of great help!
Thanks!
Satish
What filesystem are the files stored on?
Looks like ext3.
The files on Server1 are mounted on /mnt/landingzone. So when I do a "mount" on Server1, I get below output snippet.
/dev/cciss/c0d1p1 on /mnt/landingzone type ext3 (rw)
Thanks!
Satish
---------- Post updated at 04:06 PM ---------- Previous update was at 04:00 PM ----------
Also, when I get into the samba prompt on Server2, I am able to successfully read the data. Check below for Server2.
smb: \> more CEMP_VOD_ASSET_20110410.txt
getting file \CEMP_VOD_ASSET_20110410.txt of size 35996 as /tmp/smbmore.JdEjmt (11717.1 kb/s) (average 11717.4 kb/s)
Only when I "cd" to the shared drive on Server2 (/mnt/CEMP) I am unable to do so - Permission denied.