Rowland Penny
2024-Mar-28 17:53 UTC
[Samba] Linux Mint 21.3 client AD joined OK but no usb working
On Thu, 28 Mar 2024 11:33:16 +0000 Rowland Penny via samba <samba at lists.samba.org> wrote:> On Wed, 27 Mar 2024 18:13:16 +0000 > Rowland Penny via samba <samba at lists.samba.org> wrote: > > > > Now thinking about apparmor, could this be stopping writing to the > > drive ? > > > > No, I removed apparmor and rebooted, no different. > > Tried to format the drive, but it seems to have gone read only, so > used another drive and formatted that. > > When I insert the USB drive, it gets mounted on > /media/rowland/usbdrive1 > > Checking the permissions on the path, shows this: > > rowland at devstation:~$ ls -ld /media/ > drwxr-xr-x 4 root root 4096 Mar 27 17:15 /media/ > > Anyone can traverse /media > > rowland at devstation:~$ ls -ld /media/rowland/ > drwxr-x---+ 3 root root 4096 Mar 28 09:36 /media/rowland/ > > There is an EA, so check that: > > rowland at devstation:~$ getfacl /media/rowland/ > getfacl: Removing leading '/' from absolute path names > # file: media/rowland/ > # owner: root > # group: root > user::rwx > user:rowland:r-x > group::--- > mask::r-x > other::--- > > Only 'root', members of the 'root' group and 'rowland' can traverse > /media/rowland > > rowland at devstation:~$ ls -ld /media/rowland/usbdrive1/ > drwxr-xr-x 3 root root 4096 Mar 28 09:32 /media/rowland/usbdrive1/ > > So 'rowland' can traverse to the 'usbdrive1' directory, but only > 'root' can write to it. > > WHY ?????????? > > It mounts the drive in a directory named after the user, it allows the > user to get to the drive, but then denies the user the ability to > write to the drive. > > Off to find out just what 'mounts' the drive and how. > > Rowland >It seems that it is udev and udisks2 that automatically mount the USB drive after it is plugged into a USB port. The problem is I stated earlier, whilst it is mounted under a directory with the users name, it is mounted rwx for root and r-x for the user (others), which, if you think about it, is probably correct for a removable drive. Whilst the user may have one ID on a computer, they may have another ID on a different computer. The only cure I can find is to change the owner of the USB drives directory, e.g. chown rowland /media/rowland/usbdrive1 Rowland
Kees van Vloten
2024-Mar-28 18:04 UTC
[Samba] Linux Mint 21.3 client AD joined OK but no usb working
On 28-03-2024 18:53, Rowland Penny via samba wrote:> On Thu, 28 Mar 2024 11:33:16 +0000 > Rowland Penny via samba <samba at lists.samba.org> wrote: > >> On Wed, 27 Mar 2024 18:13:16 +0000 >> Rowland Penny via samba <samba at lists.samba.org> wrote: >>> Now thinking about apparmor, could this be stopping writing to the >>> drive ? >>> >> No, I removed apparmor and rebooted, no different. >> >> Tried to format the drive, but it seems to have gone read only, so >> used another drive and formatted that. >> >> When I insert the USB drive, it gets mounted on >> /media/rowland/usbdrive1 >> >> Checking the permissions on the path, shows this: >> >> rowland at devstation:~$ ls -ld /media/ >> drwxr-xr-x 4 root root 4096 Mar 27 17:15 /media/ >> >> Anyone can traverse /media >> >> rowland at devstation:~$ ls -ld /media/rowland/ >> drwxr-x---+ 3 root root 4096 Mar 28 09:36 /media/rowland/ >> >> There is an EA, so check that: >> >> rowland at devstation:~$ getfacl /media/rowland/ >> getfacl: Removing leading '/' from absolute path names >> # file: media/rowland/ >> # owner: root >> # group: root >> user::rwx >> user:rowland:r-x >> group::--- >> mask::r-x >> other::--- >> >> Only 'root', members of the 'root' group and 'rowland' can traverse >> /media/rowland >> >> rowland at devstation:~$ ls -ld /media/rowland/usbdrive1/ >> drwxr-xr-x 3 root root 4096 Mar 28 09:32 /media/rowland/usbdrive1/ >> >> So 'rowland' can traverse to the 'usbdrive1' directory, but only >> 'root' can write to it. >> >> WHY ?????????? >> >> It mounts the drive in a directory named after the user, it allows the >> user to get to the drive, but then denies the user the ability to >> write to the drive. >> >> Off to find out just what 'mounts' the drive and how. >> >> Rowland >> > It seems that it is udev and udisks2 that automatically mount the USB > drive after it is plugged into a USB port. > The problem is I stated earlier, whilst it is mounted under a directory > with the users name, it is mounted rwx for root and r-x for the user > (others), which, if you think about it, is probably correct for a > removable drive. Whilst the user may have one ID on a computer, they > may have another ID on a different computer. > The only cure I can find is to change the owner of the USB drives > directory, e.g. chown rowland /media/rowland/usbdrive1 > > RowlandI did not read the whole thread back, so perhaps this is long obvious... If the user is a domain-user and the same id-mapping is used everywhere, it should get the same UID/GID everywhere...>