On 29/06/13 11:43, Chris Walker wrote:
On Thu, 27 Jun 2013 19:05:49 +0100 Chris Walker cdw_alug@the-walker-household.co.uk wrote:
On Thu, 27 Jun 2013 18:32:21 +0100 Keith Edmunds kae@midnighthax.com wrote:
On Thu, 27 Jun 2013 11:03:00 +0100, cdw_alug@the-walker-household.co.uk said:
I've made that change but if I now issue the command 'sudo mount -a' I get this :- This program is not installed setuid root - "user" CIFS mounts not
What does
grep -i user /etc/fstab
show?
Nothing. It just returns to the prompt.
I've been playing with this some more and I find that from a Debian installation running under Virtual Box, that doesn't have any problems with the user connecting to the same shares. I just clicked on 'Connect to Server', entered the IP address, user name and password and it worked. So trying again here on Mageia, I entered the following under Dolphin smb://Epox@storage_server/Epox_Share/ and again, after entering the userid and password, I can connect. So why is it that cifs makes me jump through these hoops?
On a possibly un-related note, I had an installation of Mageia running under Virtual Box (I did that before making the change from Mandriva) and I notice that it retains things like the size of the konsole window whereas the full installation doesn't. When I reboot, the konsole window is full screen on opening despite the option 'Save window size and position on exit' being ticked. So is it possible that some of the files don't have the correct permissions set for them? I have no idea how I would check that though. One file yes, lots of files, not a clue!
Firstly, when you use mount with type (-t) cifs, or mount via fstab with type cifs, the system uses program mount.cifs to do the mounting.
I think the problem is related to this thread: http://forums.fedoraforum.org/showthread.php?s=e91c6903c6d2def717b9b16e5d72c...
which points to this http://www.samba.org/samba/security/CVE-2009-2948.html
Which says, to paraphrase,
if you set the suid bit on mount.cifs, then, you will be able to run mount.cifs as if you were root, without having to use sudo or similar to prove you have permission to do so.
This is a security issue because it allows you to pass it a credentials file along with the verbose flag, and it will output some of the credentials file that the user may not have permission to see.
To prevent this, they've made sure that mount.cifs is not set with the suid flag by default in the default cifs/samba package, and on some installations at least, it will refuse to run if the suid flag is set on mount.cifs. Some people have had success in setting the suid flag, whereas others have recompiled mount.cifs disabling this feature.
The reason you've got this to work under the file manager may be because it is using something else to mount with, perhaps smb rather than cifs. cifs is the successor to smb (for mounting, from/on Linux) so IMO you should use it.
My settings for mounting are like this: //SharePath /MountPoint cifs _netdev,auto,credentials=/PathToCredentials,username=AUserName,uid=AUserName 0 0
Note: 1) I specify username and uid to be AUserName, e.g. tom, dick or harry, the same value for both. This is probably overkill, as one or the other would/should do, but also, the username is specified in my credentials file.
2) user in fstab has a specific meaning, meaning an unprivileged user can mount this drive. Does this conflict with mount.cifs which I think can use the user flag to mean username?
I don't set fstab's "user" flag, so user's can't mount it, unless they use sudo mount -a _netdev I was told apparently indicates it's a network device & so won't be mounted until the network is up.
The permissions for both my mount and mount.cifs on Lububtu (a flavour of Ububtu) are -rwsr-xr-x 1 root root, so they've both got setuid bit set.
Where to go from here? Firstly, do you need a user to mount these shares? I suspect not as they're in your fstab, so make sure user isn't in fstab (I think you have already).
2nd. Become root, using su or sudo -i (depending on your version of linux). experiment with mount.cifs and see if you can mount the shares.
e.g., in Lubuntu sudo -i
mount.cifs //sharename /mountpoint/ --verbose #This should error with Permission denied if you've disabled root as a login name on your NAS
mount.cifs //sharename /mountpoint/ -o user=AUserName --verbose #Should connect OK
umount //sharename
mount.cifs //sharename /mountpoint -o credentials=PathToYourCredentialsFile --verbose #should connect OK
umount //sharename
mount -t cifs -o credentials=PathToYourCredentialsFile //sharename /mountpoint --verbose #should connect OK
umount //sharename
Assuming all that's OK. Edit your FStab. Comment out all your NAS shares. Add a new one.
//storage_server/Epox_Share /media/Epox_Share cifs _netdev,auto,credentials=/etc/samba/auth.storage_server.Epox 0 0 Check your credentials file have the filename and path you've just specified, and contains username=AUSERNAME password=SOMEPASSWORD
where AUSERNAME and SOMEPASSWORD are appropriate for an authorised NAS user.
Save it. While still root, try
mount -a
Does it work?
Try some of the above whilst not root. If it fails, try setting the SUID bit.
If you get it working, check that the file permissions on your credentials file are very restrictive - mine are -rw------- 1 root root so only root can read and write it, that's it.
Hope that helps. Steve