Rowland Penny
2024-Mar-27 18:13 UTC
[Samba] Linux Mint 21.3 client AD joined OK but no usb working
On Wed, 27 Mar 2024 14:45:03 -0300
"Douglas G. Oechsler via samba" <samba at lists.samba.org> wrote:

> On Wed, 27 Mar 2024 at 14:34, Rowland Penny via samba <
> samba at lists.samba.org> wrote:
>
> > On Wed, 27 Mar 2024 14:09:52 -0300
> > "Douglas G. Oechsler" <doguibnu at gmail.com> wrote:
> >
> > > > > The pendrive is plugged
> > > > >
> > > > > /media$ ls -l
> > > > > total 4
> > > > > drwxr-x---+ 4 root root 4096 mar 27 08:59 douglas-ti
> > > > > 70920 at douglas-note:/media$
> > > >
> > > > That on the face of it is only allowing the 'root' user full
> > > > permissions on the directory 'douglas-ti' (which I take it the
> > > > USB drive) and members of the 'root' group, read and
> > > > enter/traverse. There is however the '+' sign on the end of
> > > > permissions, which signifies that there is an EA in use, so
> > > > what does 'getfacl /media' show ?
> > > >
> > > > Rowland
> > > >
> > >
> > > It shows:
> > >
> > > 70920 at douglas-note:/$ getfacl media
> > > # file: media
> > > # owner: root
> > > # group: root
> > > user::rwx
> > > group::r-x
> > > other::r-x
> > >
> >
> > That shows that anyone can traverse the /media directory to get to
> > the USB drives below it.
> >
> > What I didn't notice was that you gave me the permissions for the
> > USB drive directory ( I asked for 'ls -l /media', you cd'ed into
> > /media,ran 'ls -l' and gave me the permissions of the USB drive
> > directory)
> >
>
> I am sorry!
>
> > So can you now give me the output of 'getfacl /media/douglas-ti'
> >
>
> 70920 at douglas-note:~$ getfacl /media/douglas-ti
> # file: media/douglas-ti
> # owner: root
> # group: root
> user::rwx
> user:douglas-ti:r-x
> group::---
> mask::r-x
> other::---
>

OK, there doesn't seem to be anything stopping the user 'douglas-ti' reading & traversing to the USB drive.

In an attempt to understand this, I plugged in a USB drive and guess what, I am in the same place, I can read and traverse the drive, but I cannot write to it.

Now thinking about apparmor, could this be stopping writing to the drive ?

> > Rowland
> >
> > PS can you please stop CC'ing me, just reply to the list.
> >
>
> Right, sorry

No problem, it just makes things easier for me.

Rowland

Rowland Penny
2024-Mar-28 11:33 UTC
[Samba] Linux Mint 21.3 client AD joined OK but no usb working
On Wed, 27 Mar 2024 18:13:16 +0000
Rowland Penny via samba <samba at lists.samba.org> wrote:

>
> Now thinking about apparmor, could this be stopping writing to the
> drive ?
>

No, I removed apparmor and rebooted, no different.

Tried to format the drive, but it seems to have gone read only, so used another drive and formatted that.

When I insert the USB drive, it gets mounted on /media/rowland/usbdrive1

Checking the permissions on the path, shows this:

rowland at devstation:~$ ls -ld /media/
drwxr-xr-x 4 root root 4096 Mar 27 17:15 /media/

Anyone can traverse /media

rowland at devstation:~$ ls -ld /media/rowland/
drwxr-x---+ 3 root root 4096 Mar 28 09:36 /media/rowland/

There is an EA, so check that:

rowland at devstation:~$ getfacl /media/rowland/
getfacl: Removing leading '/' from absolute path names
# file: media/rowland/
# owner: root
# group: root
user::rwx
user:rowland:r-x
group::---
mask::r-x
other::---

Only 'root', members of the 'root' group and 'rowland' can traverse /media/rowland

rowland at devstation:~$ ls -ld /media/rowland/usbdrive1/
drwxr-xr-x 3 root root 4096 Mar 28 09:32 /media/rowland/usbdrive1/

So 'rowland' can traverse to the 'usbdrive1' directory, but only 'root' can write to it.

WHY ??????????

It mounts the drive in a directory named after the user, it allows the user to get to the drive, but then denies the user the ability to write to the drive.

Off to find out just what 'mounts' the drive and how.

Rowland
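
The permission walk in the message above, as an added example that is not part of the original thread: a small Python evaluator that applies the access-check order from acl(5) to getfacl output and reports which path component refuses a request. The function names are hypothetical, the entries for /media and usbdrive1 are constructed from the mode bits shown by 'ls -ld', and root's permission bypass is not modelled.

```python
# Added example: POSIX ACL access check (order per acl(5)) over getfacl text.
# root / CAP_DAC_OVERRIDE bypass is deliberately not modelled.

def parse_getfacl(text):
    """Return {'owner', 'group', 'entries': [(tag, qualifier, perms)]}."""
    acl = {"owner": None, "group": None, "entries": []}
    for line in map(str.strip, text.splitlines()):
        if line.startswith(("# owner:", "# group:")):
            key, value = line[2:].split(":", 1)
            acl[key] = value.strip()
        elif line and not line.startswith("#"):
            tag, qualifier, perms = line.split(":")[:3]
            acl["entries"].append((tag, qualifier, set(perms[:3]) - {"-"}))
    return acl

def access(acl, user, groups, want):
    """True if `user` (member of `groups`) is granted every permission in `want`."""
    want = set(want)
    pick = lambda tag: [(q, p) for t, q, p in acl["entries"] if t == tag]
    mask = next((p for _, p in pick("mask")), set("rwx"))  # no mask: minimal ACL
    if user == acl["owner"]:                    # 1. owner: user:: entry, mask ignored
        return want <= dict(pick("user"))[""]
    named = dict(pick("user")).get(user)
    if named is not None:                       # 2. named user: entry AND mask
        return want <= (named & mask)
    hits = [p & mask for q, p in pick("group") if (q or acl["group"]) in groups]
    if hits:                                    # 3. group class: one entry must grant all
        return any(want <= p for p in hits)
    return want <= dict(pick("other"))[""]      # 4. everyone else

def first_denial(chain, user, groups, want="w"):
    """Need 'x' on every ancestor and `want` on the last path; return the path that denies."""
    for i, (path, acl) in enumerate(chain):
        need = want if i == len(chain) - 1 else "x"
        if not access(acl, user, groups, need):
            return path
    return None

# /media/rowland: the getfacl entries quoted in the message above.
MEDIA_ROWLAND = parse_getfacl("# owner: root\n# group: root\nuser::rwx\n"
                              "user:rowland:r-x\ngroup::---\nmask::r-x\nother::---")
# Constructed from the 'drwxr-xr-x root root' mode bits shown by ls -ld (no ACL there).
MODE_755_ROOT = parse_getfacl("# owner: root\n# group: root\nuser::rwx\ngroup::r-x\nother::r-x")
CHAIN = [("/media", MODE_755_ROOT), ("/media/rowland", MEDIA_ROWLAND),
         ("/media/rowland/usbdrive1", MODE_755_ROOT)]

if __name__ == "__main__":
    print(first_denial(CHAIN, "rowland", {"rowland"}, "w"))   # /media/rowland/usbdrive1
    print(first_denial(CHAIN, "rowland", {"rowland"}, "rx"))  # None
```

On a live system the same text can be taken from 'getfacl -p' on each component of the path reported by 'findmnt'.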