Changing permissions on bind mount

deranjer
Dec 28, 2010
I have an SMB bind mount to an OpenVZ client:


Code:
#!/bin/bash
mount -o gid=107,uid=107 --bind /mnt/media /var/lib/vz/root/104/mnt/media

I am trying to set the owner of the bind mount to a user on the CLIENT. Not sure how to do that, since I get permission denied when I attempt to change it on the client itself. The ID of the user is 107 on the client, which made me try to mount it with that user, but really didn't think that would work.. at a loss at how to set the owner to a user on the client....
 
Anyone? I would take ANY solution to mount a SMB/CIFS share from my NAS box to my openvz container that allowed multiple owners (users on the openvz client). I was able to do this before by directly passing an external USB HDD to the container.... but now I have a NAS...
 
If I understand you correctly, you are doing

CIFS > Proxmox Host > CT

Why not have the CT mount the CIFS directly?

CIFS > CT
 
All of the information I have found shows that you cannot mount CIFS directly inside of a CT (link shown below). I used that forum post to read all my files, but I have multiple users writing to those files, so needed to chown individual directories so users could write to them. My old method was using my USB HDD and passing that through. Now that I'm thinking about it, might be a CIFS issue more than a bind issue. Is it possible to change local permissions on a CIFS share?

http://forum.openvz.org/index.php?t=msg&goto=4994&

smbfs/cifs isn't virtualized now,
you can't use it inside VE.
All filesystems available in VE are listed in the /proc/filesystems
file inside VE.

You can do the following to make smb shares available in VE:

On HOST (!):
mount -t cifs //192.168.1.30/test /mn
mount --bind /mn /vz/root/101/mn



 
deranjer,

My apologies, you are right. What am I thinking? :)

I am trying to understand your issue, "... I have multiple users ..."

Let's say you have 3 users: bob, john, and jack.

Do you mean you have a samba/CIFS server with those three users and 3 user directories and you would like to make all those 3 directories accessible from the CT while preserving the ownership and permissions?

And you will create 3 users in CT, each user can log in themselves and access their own directories from the server?
 
Yeah, almost 100% certain this is more of a CIFS/SAMBA issue that I don't have enough knowledge about...


Well, for now it is sort of "solved" by just giving my users too much permission (not a huge deal, just have scripts running that I had locked down to specific folders/files for security)


On my old CT setup I had two users, and they had permissions set on their respective folders (HDD devnode passthrough from host), for example:
User1 (uid=1000) was owner of /mnt/media/Share/User1Folder
User2 (uid=1001) was owner of /mnt/media/Share/User2Folder

They couldn't write files to the other folders.

Now I have a NAS (instead of a 3 TB USB drive I passed through to CT) and am trying to replicate the setup in an SMB share:
The SMB/CIFS share is from a FreeNAS box... that doesn't have the same users as my CT (obviously).

So sharing it to the host box like such (fstab):
//192.168.1.125/MyFiles /mnt/media cifs uid=1000,gid=1001,credentials=/root/.smbcredentials,iocharset=utf8,file_mode=0777,dir_mode=0777 0 0

Then binding it using 105.mount
#!/bin/bash
mount -o gid=1001,uid=1000 --bind /mnt/media /var/lib/vz/root/105/mnt/media

And now both users can write to all folders.. not exactly what I wanted, but it does work!
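
Added example, not part of any post in this thread: a shell function that flags cifs entries in an fstab file whose file_mode or dir_mode grants write access to "other", as the entry in the post above does. The function name and the second sample entry (/mnt/media-ro) are constructed for illustration.

```shell
#!/bin/sh
# audit_cifs_fstab FILE
# Prints one line per cifs/smbfs entry whose file_mode or dir_mode
# has the "other" write bit set (last octal digit 2, 3, 6 or 7).
audit_cifs_fstab() {
    # fstab fields: device mountpoint fstype options dump pass
    awk '
    $1 !~ /^#/ && ($3 == "cifs" || $3 == "smbfs") {
        n = split($4, opt, ",")
        uid = "-"; gid = "-"; bad = ""
        for (i = 1; i <= n; i++) {
            split(opt[i], kv, "=")
            if (kv[1] == "uid") uid = kv[2]
            if (kv[1] == "gid") gid = kv[2]
            if (kv[1] == "file_mode" || kv[1] == "dir_mode") {
                # last octal digit holds the permission bits for "other"
                last = substr(kv[2], length(kv[2]), 1)
                if (last ~ /[2367]/)
                    bad = bad (bad != "" ? "," : "") opt[i]
            }
        }
        if (bad != "")
            printf "%s uid=%s gid=%s world-writable:%s\n", $2, uid, gid, bad
    }' "$1"
}

# Constructed sample: the first entry is the fstab line from the post,
# the second is a hypothetical tightened variant for comparison.
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
# sample fstab (constructed)
//192.168.1.125/MyFiles /mnt/media cifs uid=1000,gid=1001,credentials=/root/.smbcredentials,iocharset=utf8,file_mode=0777,dir_mode=0777 0 0
//192.168.1.125/MyFiles /mnt/media-ro cifs uid=1000,gid=1001,credentials=/root/.smbcredentials,file_mode=0640,dir_mode=0750 0 0
EOF
    audit_cifs_fstab "$tmp"
    rm -f "$tmp"
}

demo
```

Only the first entry is reported; the tightened variant passes because neither of its modes has a write bit for "other".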
 
Yep, sounds like a combination of VE limitation + CIFS features making this complex.

You are not necessarily doing anything special, actually CIFS is more flexible as far as being able to de-couple between OS uid/gid against file server's user/group (in comparison to NFS that is).

But CIFS is not supported in OpenVZ at all. According to OpenVZ manual you can only mount NFS, Fuse and Bind Mount.
You are using Bind Mount right now, and you are losing the user/group permission control during translation from host to CT.

Perhaps you can use NFS on your NAS?
Then you can use NFS user mapping feature and mount certain NFS mount only when certain user was logged in.

Just an idea... Good luck
 
Why don't you simply change the uid/gid on your NAS to match those in the CT (recursively for respective dirs)? Or even simpler, change the UID/GID of your users in the CT. Anyway, UID/GID pairs must match on both ends. Either that or you could use samba ID maps, tho it's more relevant to Windows AD/DC integration. Also see the following links:

http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#FORCEUSER
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2605810
 
Okay, I was wondering if something like that would work, but the bind mounting appeared to be destroying the permission structure for what I had....

So on my NAS I would create 2 users, match their UID's to my CT UID's, set permissions manually on my NAS box, then just export the SMB? Do I need to add the "uid=1000,gid=1001," line to my SMB mount command?
 
You can change the existing user's UID/GID on the client side too (and change the ownership in their homes accordingly). Of course if users run services under their IDs, you need to take those into consideration. Otherwise what you wrote also works. You don't need the uid and gid mount options then. EDIT: you could also use the [homes] facility of samba (see [homes] section in first link above).
 