Problems with Linux / OS X / Windows Permissions

[JR Gonzalez]

The goal:

Authenticate using the FreeNAS DC, auto mount CIFS shares using pam_mount.

So far I am able to authenticate across the board in Windows, OS X, and Linux.

My problems start with the Linux boxes. I can mount the CIFS share using pam_mount which calls mount.cifs. When I try to rm files copied to the share from the other 2 OS rm hangs (forever).

I also noticed odd things when creating a new Dataset and Share for it. For example. I can write to the share in OS X but when I try to rm files in OS X they disappear, then reappear. It is almost as though OS X attempts to rm it... thinks it did.. then the protocol says it didn't and the files reappear.

The new share was set to Windows permissions. Is it possible the method in which permissions are set for the dataset be an issue? Would it make more sense to use unix permissions across the board for compatibility reasons. If so will I have problems setting permissions per domain users/groups?

 

[JR Gonzalez]

Just to make it a bit more basic. I can write a file from OS X to the share and delete it in Windows. I can write a file from Windows and delete it from OS X. I can write and rm a file in Linux ONLY from the Linux box. When I try to rm a file written from OS X or Windows from the Linux box... rm just hangs there.

 

[SweetAndLow]

Sounds like you have a standard permissions problem. Who owns the files you are trying to manipulate?

 

[JR Gonzalez]

On the FreeNAS box they would be owned by DOMAIN\jrg and the group would be "Domain Users" ...

Code:

jrg@pi:/mnt/Apps$ touch testing
jrg@pi:/mnt/Apps$ ls -l testing
-rw-r--r-- 1 jrg domain users 0 May 23 05:23 testing
jrg@pi:/mnt/Apps$ rm testing
jrg@pi:/mnt/Apps$

Code:

jrg@pi:/mnt/Apps$ touch testing

I am able to delete testing from Windows

Code:

jrg@pi:/mnt/Apps$ rm tn2918.pdf

That file was copied from my Windows laptop to the share. It will sit there at rm and I see no error anywhere about anything.

 

[anodos]

Post following enclosed in [ code ] tags

• /usr/local/etc/smb4.conf
• zfs get aclmode <pool>/<dataset> (fill in as appropriate for your share)
• getfacl /path/to/share
• output of smbstatus when connected from clients

 

[JR Gonzalez]

Ok. I give up on this. No idea what the problem is but I'll just see about swapping to nfs4 for the Linux boxes. Sucks but I can't find an answer. Are there any instructions to map AD users on the FreeNAS box to nfs4 on Linux boxes?

 

[JR Gonzalez]

Code:

jrg@pi:/mnt/Media$ strace rm 95e01200f5f511e4b9e2d924432fe1f5.webm
execve("/bin/rm", ["rm", "95e01200f5f511e4b9e2d924432fe1f5"...], [/* 22 vars */]) = 0
brk(0)                                  = 0xebb000
uname({sys="Linux", node="pi", ...})    = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f2a000
access("/etc/ld.so.preload", R_OK)      = 0
open("/etc/ld.so.preload", O_RDONLY|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=42, ...}) = 0
mmap2(NULL, 42, PROT_READ|PROT_WRITE, MAP_PRIVATE, 3, 0) = 0xb6f29000
close(3)                                = 0
open("/usr/lib/arm-linux-gnueabihf/libarmmem.so", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0h\5\0\0004\0\0\0"..., 512) = 512
lseek(3, 17960, SEEK_SET)               = 17960
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 960) = 960
lseek(3, 17696, SEEK_SET)               = 17696
read(3, "A.\0\0\0aeabi\0\1$\0\0\0\0056\0\6\6\10\1\t\1\n\3\f\1\22\4\24"..., 47) = 47
fstat64(3, {st_mode=S_IFREG|0644, st_size=18920, ...}) = 0
mmap2(NULL, 83236, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6ee8000
mprotect(0xb6eed000, 61440, PROT_NONE)  = 0
mmap2(0xb6efc000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0xb6efc000
mprotect(0xbefc2000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_GROWSDOWN) = 0
close(3)                                = 0
munmap(0xb6f29000, 42)                  = 0
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=43815, ...}) = 0
mmap2(NULL, 43815, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb6f1f000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/arm-linux-gnueabihf/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0L\204\1\0004\0\0\0"..., 512) = 512
lseek(3, 1239936, SEEK_SET)             = 1239936
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 2840) = 2840
lseek(3, 1236500, SEEK_SET)             = 1236500
read(3, "A.\0\0\0aeabi\0\1$\0\0\0\0056\0\6\6\10\1\t\1\n\2\22\4\23\1\24"..., 47) = 47
fstat64(3, {st_mode=S_IFREG|0755, st_size=1242776, ...}) = 0
mmap2(NULL, 1312152, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6da7000
mprotect(0xb6ed2000, 65536, PROT_NONE)  = 0
mmap2(0xb6ee2000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12b000) = 0xb6ee2000
mmap2(0xb6ee5000, 9624, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb6ee5000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f1e000
set_tls(0xb6f1e4c0, 0xb6f1eba8, 0xb6f2d050, 0xb6f1e4c0, 0xb6f2d050) = 0
mprotect(0xb6ee2000, 8192, PROT_READ)   = 0
mprotect(0xb6ee8000, 20480, PROT_READ|PROT_WRITE) = 0
mprotect(0xb6ee8000, 20480, PROT_READ|PROT_EXEC) = 0
cacheflush(0xb6ee8000, 0xb6eed000, 0, 0x15, 0xbefc2820) = 0
mprotect(0x2a000, 4096, PROT_READ)      = 0
mprotect(0xb6f2c000, 4096, PROT_READ)   = 0
munmap(0xb6f1f000, 43815)               = 0
brk(0)                                  = 0xebb000
brk(0xedc000)                           = 0xedc000
open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=1613360, ...}) = 0
mmap2(NULL, 1613360, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb6c1d000
close(3)                                = 0
ioctl(0, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
newfstatat(AT_FDCWD, "95e01200f5f511e4b9e2d924432fe1f5.webm", {st_mode=S_IFREG|0644, st_size=3217011, ...}, AT_SYMLINK_NOFOLLOW) = 0
geteuid32()                             = 2000
newfstatat(AT_FDCWD, "95e01200f5f511e4b9e2d924432fe1f5.webm", {st_mode=S_IFREG|0644, st_size=3217011, ...}, AT_SYMLINK_NOFOLLOW) = 0
faccessat(AT_FDCWD, "95e01200f5f511e4b9e2d924432fe1f5.webm", W_OK) = 0
unlinkat(AT_FDCWD, "95e01200f5f511e4b9e2d924432fe1f5.webm", 0) = -1 EHOSTDOWN (Host is down)
--- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
open("/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3
fcntl64(3, F_GETFD)                     = 0x1 (flags FD_CLOEXEC)
fstat64(3, {st_mode=S_IFREG|0644, st_size=2492, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f29000
read(3, "# Locale name alias data base.\n#"..., 4096) = 2492
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0xb6f29000, 4096)                = 0
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib/charset.alias", O_RDONLY|O_LARGEFILE|O_NOFOLLOW) = -1 ENOENT (No such file or directory)
write(2, "rm: ", 4rm: )                     = 4
write(2, "cannot remove \342\200\23095e01200f5f511e"..., 57cannot remove ‘95e01200f5f511e4b9e2d924432fe1f5.webm’) = 57
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, ": Host is down", 14: Host is down)          = 14
write(2, "\n", 1
)                       = 1
_llseek(0, 0, 0xbefc2a28, SEEK_CUR)     = -1 ESPIPE (Illegal seek)
close(0)                                = 0
close(1)                                = 0
close(2)                                = 0
exit_group(1)                           = ?
+++ exited with 1 +++

 

[JR Gonzalez]

This is one from the same dir on the windows box. Copied to the same share on the FreeNAS box... then rm from the debian box using mount.cifs:

Code:

jrg@pi:/mnt/Media$ strace rm Rose\ Noah\ Hug.mp4
execve("/bin/rm", ["rm", "Rose Noah Hug.mp4"], [/* 22 vars */]) = 0
brk(0)                                  = 0x974000
uname({sys="Linux", node="pi", ...})    = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6fbc000
access("/etc/ld.so.preload", R_OK)      = 0
open("/etc/ld.so.preload", O_RDONLY|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=42, ...}) = 0
mmap2(NULL, 42, PROT_READ|PROT_WRITE, MAP_PRIVATE, 3, 0) = 0xb6fbb000
close(3)                                = 0
open("/usr/lib/arm-linux-gnueabihf/libarmmem.so", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0h\5\0\0004\0\0\0"..., 512) = 512
lseek(3, 17960, SEEK_SET)               = 17960
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 960) = 960
lseek(3, 17696, SEEK_SET)               = 17696
read(3, "A.\0\0\0aeabi\0\1$\0\0\0\0056\0\6\6\10\1\t\1\n\3\f\1\22\4\24"..., 47) = 47
fstat64(3, {st_mode=S_IFREG|0644, st_size=18920, ...}) = 0
mmap2(NULL, 83236, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6f7a000
mprotect(0xb6f7f000, 61440, PROT_NONE)  = 0
mmap2(0xb6f8e000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0xb6f8e000
mprotect(0xbec91000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_GROWSDOWN) = 0
close(3)                                = 0
munmap(0xb6fbb000, 42)                  = 0
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=43815, ...}) = 0
mmap2(NULL, 43815, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb6fb1000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/arm-linux-gnueabihf/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0L\204\1\0004\0\0\0"..., 512) = 512
lseek(3, 1239936, SEEK_SET)             = 1239936
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 2840) = 2840
lseek(3, 1236500, SEEK_SET)             = 1236500
read(3, "A.\0\0\0aeabi\0\1$\0\0\0\0056\0\6\6\10\1\t\1\n\2\22\4\23\1\24"..., 47) = 47
fstat64(3, {st_mode=S_IFREG|0755, st_size=1242776, ...}) = 0
mmap2(NULL, 1312152, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6e39000
mprotect(0xb6f64000, 65536, PROT_NONE)  = 0
mmap2(0xb6f74000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12b000) = 0xb6f74000
mmap2(0xb6f77000, 9624, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb6f77000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6fb0000
set_tls(0xb6fb04c0, 0xb6fb0ba8, 0xb6fbf050, 0xb6fb04c0, 0xb6fbf050) = 0
mprotect(0xb6f74000, 8192, PROT_READ)   = 0
mprotect(0xb6f7a000, 20480, PROT_READ|PROT_WRITE) = 0
mprotect(0xb6f7a000, 20480, PROT_READ|PROT_EXEC) = 0
cacheflush(0xb6f7a000, 0xb6f7f000, 0, 0x15, 0xbec91840) = 0
mprotect(0x2a000, 4096, PROT_READ)      = 0
mprotect(0xb6fbe000, 4096, PROT_READ)   = 0
munmap(0xb6fb1000, 43815)               = 0
brk(0)                                  = 0x974000
brk(0x995000)                           = 0x995000
open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=1613360, ...}) = 0
mmap2(NULL, 1613360, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb6caf000
close(3)                                = 0
ioctl(0, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
newfstatat(AT_FDCWD, "Rose Noah Hug.mp4", {st_mode=S_IFREG|0644, st_size=4656405, ...}, AT_SYMLINK_NOFOLLOW) = 0
geteuid32()                             = 2000
newfstatat(AT_FDCWD, "Rose Noah Hug.mp4", {st_mode=S_IFREG|0644, st_size=4656405, ...}, AT_SYMLINK_NOFOLLOW) = 0
faccessat(AT_FDCWD, "Rose Noah Hug.mp4", W_OK) = 0
unlinkat(AT_FDCWD, "Rose Noah Hug.mp4", 0) = 0
_llseek(0, 0, 0xbec91a48, SEEK_CUR)     = -1 ESPIPE (Illegal seek)
close(0)                                = 0
close(1)                                = 0
close(2)                                = 0
exit_group(0)                           = ?
+++ exited with 0 +++