CIFS mount with user permission

E

engin

Active Member
Feb 21, 2018
20
0
41
41
Hello,

I couldn't see in the documentation but, Is there any configuration for changing mount parameters for CIFS shares?

Currently mounted CIFS share owner root and not-changable. And so no luck for the un-privileged containers for writing..

If I go with manual mount / fstab, will it broke the shared mount point option?

Thanks
 
Hi,

can you provide a little more information about your problem?
Because I don't know how do you mount the cifs share and how do you use it.
Do you use a bind mount in a Container on the cifs mount on the Host?
 
Hello @wolfgang ,

Here is the storage configuration for CIFS share.

Code: 
cifs: sbox
    path /mnt/pve/sbox
    server 192.168.1.98
    share backup
    content vztmpl,iso,backup
    maxfiles 5
    username backup

As you may guess, it's mounted under /mnt/pve/sbox with root user with other mount defaults.

I've a folder /mnt/pve/sbox/web-assets directory in it, and I want to share it with an un-privileged container read/write enabled.

In the container, mount point seen as nobody:nogroup (which is okay)

But from the proxmox hypervisor point, I can't change the ownership of the directory or mods of the any file.

Code: 
root@hp2:~# ls -la /mnt/pve/sbox/
total 4
drwxr-xr-x 2 root root    0 Aug 28 06:21 .
drwxr-xr-x 4 root root 4096 Aug 24 11:25 ..
drwxr-xr-x 2 root root    0 Aug 25 12:57 dump
drwxr-xr-x 2 root root    0 Aug 28 06:21 pxe
drwxr-xr-x 2 root root    0 Aug 24 11:25 template
drwxr-xr-x 2 root root    0 Aug 28 02:32 web-assets


Is there a way to share it as writable any other than making container privileged?

Thank you..
 
I think if I here is a way to provide custom mount options, it would be enough for me.
 
The problem is that root in an unprivileged container is not root on the host.
Root on the host has the UID and GID 0.
Inside the container, it is the same but the mount point is on the host.
unprivileged LXC has a UID/GUI remapping so the container root has the UID/GUI 100000 on the host to prevent root access.
You must only change the owner on this dir "web-assets" to 100000 and you can use it in the container.
 
yeah I see that,
and actually, it makes sense from the security point of view.
Is there a way to specify uid, gid for the CIFS mount in the storage.cfg?
 
You can set the user on dir level.

Code: 
chown 100000: /mnt/pve/sbox/web-assets
 
Since it's mounting with
Code: 
nounix
option, I can't change the permission attributes.
Here is the
Code: 
mount -a
output:
Code: 
//192.168.1.98/backup on /mnt/pve/sbox type cifs (rw,relatime,vers=3.0,cache=strict,username=backup,domain=,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.1.98,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=1048576,wsize=1048576,echo_interval=60,actimeo=1)

would be great to be able to change that mount options..
 
We are taking about DIR on a share and it is possible to change the owner on a CIFS mount.
 
Code: 
cifs: hetzner-backup
    path /mnt/pve/hetzner-backup
    server u12345.your-backup.de
    share backup
    content backup,iso,vztmpl
    maxfiles 2
    username u12345

Code: 
root@pixie:~# mount
...
//u12345.your-backup.de/backup on /mnt/pve/hetzner-backup type cifs (rw,relatime,vers=3.0,cache=strict,username=u12345,domain=,uid=0,noforceuid,gid=0,noforcegid,addr=195.201.107.51,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=1048576,wsize=1048576,echo_interval=60,actimeo=1)

Now I want to make subdirectory aaa/ in CIFS mount will be available in unprivileged container:

Code: 
root@pixie:~# ls -alFh /mnt/pve/hetzner-backup/
total 8.5K
drwxr-xr-x 2 root root 0 Mar 19 11:18 ./
drwxr-xr-x 7 root root 7 Mar 19 10:58 ../
drwxr-xr-x 2 root root 0 Mar 19 11:18 aaa/
drwxr-xr-x 2 root root 0 Mar 19 05:01 dump/
drwxr-xr-x 2 root root 0 May 16  2018 template/
root@pixie:~# chown 100000: /mnt/pve/hetzner-backup/aaa/
chown: invalid spec: ‘100000:’
root@pixie:~# chown 100000:100000 /mnt/pve/hetzner-backup/aaa/
root@pixie:~# ls -alFh /mnt/pve/hetzner-backup/
total 8.5K
drwxr-xr-x 2 root root 0 Mar 19 11:18 ./
drwxr-xr-x 7 root root 7 Mar 19 10:58 ../
drwxr-xr-x 2 root root 0 Mar 19 11:18 aaa/
drwxr-xr-x 2 root root 0 Mar 19 05:01 dump/
drwxr-xr-x 2 root root 0 May 16  2018 template/
no changes for aaa/

what am I doing wrong?
 
sigo said:
what am I doing wrong?
Click to expand...
I guess nothing. I don't know Hetzner Samba config but I guess you are not allowed to set this user.
When I wrote it is possible this does not mean you have the permission to do it.
 
wolfgang said:
I guess nothing. I don't know Hetzner Samba config but I guess you are not allowed to set this user.
When I wrote it is possible this does not mean you have the permission to do it.
Click to expand...
Old thread, but he is actually right ! The uid/gid cannot be changed on a cifs mount.... Not OK imo !
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back