samba - Jan 2023 - Cannnot create chroot on a cifs-mounted linux homedir -- missing dev/exec

Hallo!

I try to use a cifs/samba share (hosted on debian, samba 4.17) as
a homedir for a user in a vm (kvm) runnig debian with X (with xfce4).
In the beginning, I was not able to save settings, although
permissions look right (can read/write/modify) and the GTK-Warning
(which claims missing permissons, not telling, which) went away.

I found the biggest crux: degrade the connection
to use "vers=1.0", which solves the first problem,
solved the GtK-WARNINGs and saved setting.

There is a remaining problem: Cannot create a chroot
on this filesystem using debootstrap.

What I see is, that there are no "dev" and
"exec" mount properties, but on this profile (the users
home) chroot's should be created and if one issues
debootstrap there is an error message (using root):
---
$ debootstrap --arch amd64 chimaera chr/ http://deb.devuan.org/merged
mknod: /home/ncu9/work/chr/test-dev-null: Permission denied
E: Cannot install into target '/home/ncu9/work/chr' mounted with noexec
or nodev
---
Indeed, the mount options reflect this, requested are:

//192.168.26.1/kvmabc-homes--ncu2  /home/ncu9  cifs
mfsymlinks,rw,exec,dev,suid,user_xattr,vers=1.0,username=mbu1-smb1,password=918273,iocharset=utf8,uid=2009,gid=2009,dir_mode=0755,file_mode=0755
0 0

The resulting mount option are:

vers=1.0,addr=192.168.26.1,gid=2009,uid=2009,acl,username=mbu1-smb1,relatime\
soft,rw,mfsymlinks,cache=strict,unix,actimeo=1,wsize=65536,rsize=1048576\
forcegid,forceuid,mapposix,posixpaths,echo_interval=60,bsize=1048576
 
To note is, I tried this on debian and devuan and even with gid=100.

MISSING: DEV, EXEC.

How can this be solved?

smb.conf:

[kvmabc-homes--ncu2]
        path = /pools/users/homes/kvmabc--ncu2
        browsable = yes
        read only = no
        locking = no
        create mask = 0777
        directory mask = 0777
        force directory mode = 0777

        root preexec = /ops/services/smb-mount-notify preexec %S c:%M ip:%I r:%P
        root postexec = /ops/services/smb-mount-notify postexec %S c:%M ip:%I
r:%P

        force user = abc
        force group = abc

        inherit acls = yes
        inherit permissions = yes
        inherit owner = yes

        guest ok = no

        valid users = root,mbu-smb1
        write list  = root,mbu-smb1
---
Thanks,
Manfred

On 10/01/2023 07:37, Manfred Braun via samba wrote:
> 
> Hallo!
> 
> I try to use a cifs/samba share (hosted on debian, samba 4.17) as
> a homedir for a user in a vm (kvm) runnig debian with X (with xfce4).
> In the beginning, I was not able to save settings, although
> permissions look right (can read/write/modify) and the GTK-Warning
> (which claims missing permissons, not telling, which) went away.
> 
> I found the biggest crux: degrade the connection
> to use "vers=1.0", which solves the first problem,
> solved the GtK-WARNINGs and saved setting.
You are going to have to find a way around that, eventually SMBv1 is 
going to go away.
> 
> There is a remaining problem: Cannot create a chroot
> on this filesystem using debootstrap.
> 
> What I see is, that there are no "dev" and
> "exec" mount properties, but on this profile (the users
> home) chroot's should be created and if one issues
> debootstrap there is an error message (using root):
> ---
> $ debootstrap --arch amd64 chimaera chr/ http://deb.devuan.org/merged
> mknod: /home/ncu9/work/chr/test-dev-null: Permission denied
> E: Cannot install into target '/home/ncu9/work/chr' mounted with
noexec or nodev
That may have something to do with whatever filesystem you are using, 
but it has nothing to do with Samba.
> ---
> Indeed, the mount options reflect this, requested are:
> 
> //192.168.26.1/kvmabc-homes--ncu2  /home/ncu9  cifs
mfsymlinks,rw,exec,dev,suid,user_xattr,vers=1.0,username=mbu1-smb1,password=918273,iocharset=utf8,uid=2009,gid=2009,dir_mode=0755,file_mode=0755
0 0
> 
> The resulting mount option are:
> 
>
vers=1.0,addr=192.168.26.1,gid=2009,uid=2009,acl,username=mbu1-smb1,relatime\
> soft,rw,mfsymlinks,cache=strict,unix,actimeo=1,wsize=65536,rsize=1048576\
> forcegid,forceuid,mapposix,posixpaths,echo_interval=60,bsize=1048576
>   
> To note is, I tried this on debian and devuan and even with gid=100.
> 
> MISSING: DEV, EXEC.
> 
> How can this be solved?
Absolutely no idea, but someone else might.
> 
> smb.conf:
> 
> [kvmabc-homes--ncu2]
>          path = /pools/users/homes/kvmabc--ncu2
>          browsable = yes
>          read only = no
>          locking = no
>          create mask = 0777
>          directory mask = 0777
>          force directory mode = 0777
> 
>          root preexec = /ops/services/smb-mount-notify preexec %S c:%M
ip:%I r:%P
>          root postexec = /ops/services/smb-mount-notify postexec %S c:%M
ip:%I r:%P
> 
>          force user = abc
>          force group = abc
> 
>          inherit acls = yes
>          inherit permissions = yes
>          inherit owner = yes
> 
>          guest ok = no
> 
>          valid users = root,mbu-smb1
>          write list  = root,mbu-smb1
No, that isn't your entire smb.conf, if is, then you have major 
problems, there is no '[global]' section. If you are going to post a 
smb.conf file, then post the entire smb.conf file, you can easily obtain 
this with 'testparm -s'.

Rowland

Hello,
Hallo, ;)

Am 10.01.2023 um 08:37 schrieb Manfred Braun via samba:
> Hallo!
[...]
> vers=1.0,...,username=mbu1-smb1,...
[...]
>          valid users = root,mbu-smb1
>          write list  = root,mbu-smb1
...maybe it works fine, but user "mbu1-smb1" is just not permitted to
do
anything ...?

Torsten