Getting permissions right with systemd mount unit

Hi!
I’m trying to solve an issue, where my samba transfer speeds are super low (~2 MB/s), when using nemo (and gvfs-smb).
Apparently mounting a smb share with cifs should solve this issue. This I’m trying to achieve with the systemd mount unit.

However I seem not to get the permissions right. This is my .mount-file:

[Unit]
Description=JnternetyDocuments Mount
After=network.target
Wants=network-online.target

[Mount]
What=//fritz.box/jnternety.nas/Documents
Where=/home/username/Jnternety/Documents
Type=cifs
Options=_netdev,iocharset=utf8,rw,file_mode=0777,dir_mode=0777,credentials=/etc/samba/credentials/jnternety,workgroup=WORKGROUP
TimeoutSec=30

[Install]
WantedBy=remote-fs.target
WantedBy=multi-user.target

and my credentials file is:

username=nasuser
password=PASSWORD

It mounts the share all right, but I can’t open any files (as user), because I always end up with root for owner and group. Strangely the same happens also even when I just remove the credentials option altogether.
Do I have to disable the mounting in Nemo somehow? Or am I missing anything else?

No matter how you mount it - the permissions on the mountpoint apply - and those are client permissions - as there are no server permissions applicable for smb mounts.


Try adding to your [Mount] section in the Options line the following option to the end:

,vers=1.0

and in your /etc/samba/smb.conf set

client min protocol = NT1

:crossed_fingers:

:warning: Please note that this share should only be internal to your LAN and should never be exposed to the Internet as there is a serious security flaw in the SMB version 1 protocol and you should never hand out your internal WiFi passwords to guests and only allow them to use the Guest network!

  • I’m only posting this as you’re sharing your mount world-readable (0777) anyway!
  • I’ve verified a Fritz!Box can have a guest network.

Hey, thanks for the tips,

I was hoping to avoid that, since my Fritzbox 7490 should apparently have no problems with higher versions:
SMB-versions-supported-by-the-FRITZ-Box
It works under Windows, without enabling smb1 support and I also can mount the share all right with Nemo and gvfs-smb under:
/run/user/1000/gvfs/smb-share:server=fritz.box,share=jnternety.nas

Tried it nevertheless and reverted back, since it didn’t work anyway.

BTW, this is my smb.conf:

[global]
   workgroup = WORKGROUP
   dns proxy = no
   log file = /var/log/samba/%m.log
   max log size = 1000
   client min protocol = SMB2
   server role = standalone server
   passdb backend = tdbsam
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
   pam password change = yes
   map to guest = Bad Password
   usershare allow guests = yes
   name resolve order = lmhosts bcast host wins
   security = user
   guest account = nobody
   usershare path = /var/lib/samba/usershare
   usershare max shares = 100
   usershare owner only = yes
   force create mode = 0070
   force directory mode = 0070

[homes]
   comment = Home Directories
   browseable = no
   read only = yes
   create mask = 0700
   directory mask = 0700
   valid users = %S 

[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700

[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no

What I was also trying is to just mount it with mount -t cifs through cli, like this:

   sudo mount -t cifs //fritz.box/jnternety.nas/Documents /home/yury/Jnternety -o credentials=/etc/samba/credentials/jnternety,rw

optionally even with these additional options: uid=yury,gid=yury,file_mode=0777,dir_mode=0777,forceuid,forcegid

This is the same command executed by systemd mount.unit, right?

And I could again mount the share, even the ls -la shows all the proper permissions, but i still can open any file, e.g.:

  • when opening a pdf with xed

    ** (xed:8457): WARNING **: 15:30:44.207: Hit unhandled case 0 (Error opening file /home/yury/Jnternety/PC1SoSe2021_Blatt10.pdf: Stale file handle) in parse_error.
    
  • when opening a png with pix

     (pix:8507): GLib-GObject-WARNING **: 15:32:31.290: g_type_class_add_private() called multiple times for the same type

What’s the output of:

smbclient --list=fritz.box --no-pass

:thinking:

Hey Fabby!

Thanks for sticking with me, I just now came to follow up on your question, the output is here:

	Sharename       Type      Comment
	---------       ----      -------
	IPC$            IPC       IPC Service
	JNTERNETY.NAS   Disk      FRITZ!Box
SMB1 disabled -- no workgroup available

I don’t have a Fritz!Box any more in the meantime.

:sob:

The only thing that I still might be able to help with is: format the disk you attach to the Fritz!Box with FAT32: that doesn’t have any file permissions all by itself, so it’s samba that will simulate them for you…

:man_shrugging:

The permissions work flawlessly, when mounting with gvfs, via nemo-share and manjaro-settings-samba as described under Using Samba in your File Manager

However I’m getting transfer speed from and to a smb share of roughly 1.7 MB/s. This issue is known and has been discussed multiple times for example here:

Trying to circumvent the problem, I was planning to switch to cifs (solution from first link), since installing gvfs-git and gvfs-smb-git (solution from second link) is not working anymore, since gvfs-git is newer than required by gvfs-smb-git.

Any ideas?

It really sucks, that the same drive mounted under Windows is around 10x faster than my current linux approach.

TL;DR

Use the command line

The long version:

KDE had the same problem, but I filed a bug and nowadays:

cp /path/to/file /path/to/NAS

is still a tiny bit (<10%) faster than Dolphin so:

  • File a bug
  • use the command line while you’re waiting for the bug to be resolved (Took 9 months on KDE)

Alternatively, create a new user, install KDE there, do all heavy file copies in KDE.

:grin:

Hmm…

Cheers for the tips, I’ve tried the cp command

cp /run/user/1000/gvfs/smb: ... /home/username/folder

Was just slow, as usual, then I’ve installed the mv command and tried the same

mv /run/user/1000/gvfs/smb: ... /home/username/folder

Was as slow as previous but with a speed display of the expected 1.7 MB/s

Now, I’m in KDE Plasma and copying over gui (in Dolphin) from
smb://nasuser@fritz.box/JNTERNETY.NAS/Documents/ to a user folder results in 1.7 MiB/s…

cp doesn’t work with “smb:…” address, right? I’m getting:

cp: cannot stat 'smb://nasuser@fritz.box/JNTERNETY.NAS/Documents/Pictures/': No such file or directory

Hold your horses!

That’s an automount?

Why aren’t you using the /home/username/Jnternety/Documents you mounted in systemd???

:scream:

Yeah,
So under Cinnamon, when I mount the smb share via Nemo gui, it’s getting mounted with gvfs under

/run/user/1000/gvfs/smb-share:server=fritz.box,share=jnternety.nas

It has then proper (user) permissions, but the transfer is capped at 1.7 MB/s.
I guess it uses the gvfs-smb, nemo-share and manjaro-settings-samba packages as described here

I have failed so far to mount manually with cifs, since I always had gotten the wrong (root) permissions on the mounted directories and files, even when supplying uid=yury,gid=yury,file_mode=0777,dir_mode=0777,forceuid,forcegid.

ls -l outputs the proper permissions and ownership, but i still cannot open any file as user.

I did some digging around in my old configs and this used to work on a FRITZ!Box:

  • Drive formatted under FAT32 on my Manjaro system and then hooked up to the FRITZ!Box

  • Mount command used to be:

    mount -t cifs -o rw,username=nasuser,password=Whatever,domain=yury-WGP,vers=1.0 //yury-FRITZ/yury-NAS/yury_NAS /media/yuryNAS/
    
  • Where:

    • nasuser is your current NAS user that I can deduce from your posts
    • Whatever is your password
    • yury-WGP is the workgroup name that I don’t like being WORKGROUP so I changed it in the FRITZ!Box and then used that on the Manjaro system too.
    • vers=1.0 because at the time, the Fritz-firmware didn’t support anything else (try that!)
    • yury-FRITZ is the name of the FRITZ!Box because I like to configure things the way they should be and fritz.box is a stoopid name :grin:
    • yury-NAS is the name of the NAS itself
    • yury_NAS is the name of the directory that was shared on the NAS itself

:crossed_fingers:

That’s all the information I can give you: I’m officially bailing out because I don’t know what you did wrong where and I don’t have a FRITZ!Box any more, so can’t test/help you any further!

:cry:

Thanks a lot for the help, Fabby!

So, yeah I’ve also read somewhere, that apparently one can mount as user and not sudo, since running mount as sudo sets the permissions to root, sorry don’t have a reference right now.
(P.S.: One also has to run systemctl as sudo, right?)

Because I’m currently getting, when running the command as user.

mount.cifs: permission denied: no match for /home/yury/Jnternety/Documents found in /etc/fstab

It’s confusing me now even more, do I need a line in /etc/fstab to manually mount drives?
What should such a line look like, if I don’t want to mount it automatically on every boot, since I’m on a laptop and not having a drive, that is stated in fstab available, would lead to manjaro not booting, right?

No you don’t - but if you put in the line in fstab - you must ensure the share is not mounted until the network is up and the NAS is available.

The naming is a remnant from the first reverse engineering done on the proprietary Microsoft CIFS (Common Internet File System) which later was renamed to SMB and is still a proprietary Microsoft filesharing protocol.

The Linux Samba project is still reverse engineered from proprietary SMB (Microsoft).

I have SMB shares running of a Linux box - I mount it using systemd mount- and automount units.

I have lately reworked my topic with sample mount units and I can guarantee they are working and I have no problems with transfer rates over the wire.

The sample units can be found in the following topic

Setting up fstab can be very confusing and error prone whereas the mount units are easier to work with.

I know - fstab is a mantra - because everything circles around fstab.

When you use a modern EFI booted computer and a systemd based distribution like Manjaro it is possible - if your setup is not complicated - to completely ignore fstab - and your system will work anyway.

You can mount remote filesystems and devices using systemd - and it is done on the fly - silently connecting and disconnecting in the background.


Hello Aarhus!
Thanks for jumping in and teaching this noob :slight_smile:

I’ve referenced again with your examples, this is my modified home-yury-Jnternety-Documents.mount :

[Unit]
Description=JnternetyDocuments Mount

[Mount]
What=//fritz.box/jnternety.nas/Documents
Where=/home/yury/Jnternety/Documents
Type=cifs
Options=_netdev,iocharset=utf8,rw,file_mode=0777,dir_mode=0777,credentials=/etc/samba/credentials/jnternety
TimeoutSec=30

[Install]
WantedBy=multi-user.target

after running sudo systemctl daemon-reload and systemctl start home-yury-Jnternety-Documents.mount, I’m getting this ls -l output

total 3552
-rwxrwxrwx 1 root root 2751518  4. Jul 16:41
drwxrwxrwx 2 root root       0 15. Jul 15:39
-rwxrwxrwx 1 root root  158208  4. Jul 22:22
drwxrwxrwx 2 root root       0 26. Jun 16:18
drwxrwxrwx 2 root root       0 25. Jun 23:42
-rwxrwxrwx 1 root root  483931 25. Jun 10:33
-rwxrwxrwx 1 root root  217748 25. Jun 08:38
drwxrwxrwx 2 root root       0 30. Aug 12:36
drwxrwxrwx 2 root root       0 25. Jun 23:05
drwxrwxrwx 2 root root       0 26. Jun 15:24

My drive at the FritzBox router is formatted ext3, so I followed your point 5. Check permissions and have run

sudo chmod ugo+rw /home/yury/Jnternety/Documents -R

Which didn’t change ls -l output at all and I still can’t open files NEITHER as user NOR as root…

Stop the mount

sudo systemctl stop home-yury-Jnternety-Documents.mount

Then check the permissions on the folder

ls -l ~/Jnternety

Adjust owner on the structure

sudo chown yury:yury  /home/yury/Jnternety -R

Check again by listing

ls -l ~/Jnternety

It should list you as owner and group and with all permissions - if not set permissions for user

sudo chmod u+rw /home/yury/Jnternety -R

Then start the mount

sudo systemctl start home-yury-Jnternety-Documents.mount

List the content of the mount

ls -l ~/Jnternety/Documents

automount
If everything is OK - and you want the share to mount automatically - stop and disable the mount

sudo systemctl disable --now home-yury-Jnternety-Documents.mount

Then create a new unit file

sudo touch /etc/systemd/system/home-yury-Jnternety-Documents.automount

Edit the file and use content from the sample unit - adjusted for your use case - then start and enable the automount unit.

sudo systemctl enable --now home-yury-Jnternety-Documents.automount

When you enter the mountpoint - using terminal or filemanager - it will silently mount and display the content.

After the defined timeout - it will silently unmount - thus using no resources.
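
The posts above raise several properties of a cifs mount unit: the file name has to match the Where= path, ownership defaults to root without uid=/gid=, modes are set to 0777, vers=1.0 forces SMB1, and the password can end up on the command line. The following script is an added example, not part of any post in this thread, that checks a unit file for those points; the function names are hypothetical, the expectation of mode 600 for the credentials file is an assumption of the example, and `stat -c` assumes GNU coreutils.

```shell
# Added example: lint a systemd cifs .mount unit for the points raised in this thread.

# Unit file name systemd expects for a mount point (simple paths only:
# "-" becomes \x2d, "/" becomes "-"; other special characters are not handled).
expected_unit_name() {
    printf '%s\n' "${1#/}" | sed -e 's/-/\\x2d/g' -e 's|/|-|g' -e 's/$/.mount/'
}

# Value of a key=value entry in a comma-separated option string; empty if absent.
opt_value() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# Print one finding per line for the unit file "$1"; print nothing if it is clean.
lint_cifs_unit() {
    unit=$1
    where=$(sed -n 's/^Where=//p' "$unit" | head -n 1)
    opts=$(sed -n 's/^Options=//p' "$unit" | head -n 1)
    [ "$(basename "$unit")" = "$(expected_unit_name "$where")" ] ||
        echo "NAME: unit must be called $(expected_unit_name "$where")"
    for key in uid gid; do
        [ -n "$(opt_value "$opts" "$key")" ] ||
            echo "OWNER: no $key= option, ownership defaults to root"
    done
    for key in file_mode dir_mode; do
        mode=$(opt_value "$opts" "$key")
        # A last octal digit of 2, 3, 6 or 7 has the write bit set for "other".
        case $mode in *[2367]) echo "MODE: $key=$mode is world-writable" ;; esac
    done
    [ "$(opt_value "$opts" vers)" != "1.0" ] || echo "PROTO: vers=1.0 forces SMB1"
    [ -z "$(opt_value "$opts" password)" ] || echo "SECRET: password= in unit file"
    cred=$(opt_value "$opts" credentials)
    if [ -n "$cred" ] && [ -e "$cred" ]; then
        perm=$(stat -c '%a' "$cred")   # GNU stat
        [ "$perm" = 600 ] || [ "$perm" = 400 ] ||
            echo "CRED: $cred has mode $perm, expected 600"
    fi
}

# Demo: the [Mount] section of the second unit posted above, written to a temp dir.
demo=$(mktemp -d)/home-yury-Jnternety-Documents.mount
cat > "$demo" <<'EOF'
[Mount]
Where=/home/yury/Jnternety/Documents
Options=_netdev,iocharset=utf8,rw,file_mode=0777,dir_mode=0777,credentials=/etc/samba/credentials/jnternety
EOF
lint_cifs_unit "$demo"
```

For paths with characters beyond letters, digits, "/" and "-", `systemd-escape --path --suffix=mount` gives the authoritative unit name.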