FS#55883 - [kernel] 4.13.3-1-x86_64 don't working option uid and gid in mount

Attached to Project: Arch Linux
Opened by Bartosz Bartczak (batot) - Friday, 06 October 2017, 07:33 GMT
Last edited by Sven-Hendrik Haase (Svenstaro) - Thursday, 03 March 2022, 11:55 GMT
Task Type Bug Report
Category Kernel
Status Closed
Assigned To Jan Alexander Steffens (heftig)
Architecture x86_64
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
Past update kernel from 4.12.4-1-x86_64 to 4.13.3-1-x86_64 don't working option uid and gid in mount.

When back to kernel 4.12.4-1-x86_64 all option uid and git work property.
Somebody know what is wrong with kernel 4.13.3-1-x86_64 ?

Additional info:
Pacman -Syu
(all actual)

Steps to reproduce:
$ sudo pacman -Syu –ignore=linux*,nvidia*
...

$ sudo mount -t cifs -o user=bartosz,uid=bartosz,gid=bartosz,file_mode=0003,dir_mode=0007 //xxx.yyy.zzz.www/firma /home/bartosz/firma
Password for bartosz@//xxx.yyy.zzz.www/firma:
$ cd firma
$ ls -la
total 12
drwxrws---+ 9 bartosz bartosz 0 Dec 14 2016 .
drwx------ 87 bartosz bartosz 12288 Oct 6 08:48 ..
drwx--S---+ 5 bartosz bartosz 0 Jan 20 2014 .Trash-1000
drwx--S---+ 5 bartosz bartosz 0 Feb 3 2015 .Trash-1001
drwx--S---+ 5 bartosz bartosz 0 Aug 13 2015 .Trash-1004
drwxrws---+ 8 bartosz bartosz 0 Jul 7 2015 KOSZ_SIECIOWY
drwsrws---+ 19 bartosz bartosz 0 Oct 4 10:44 xxx
[...]

Now is all ok but look now past update

$ sudo pacman -Syu
:: Synchronizing package databases...
core is up to date
extra is up to date
community is up to date
multilib is up to date
archlinuxfr is up to date
:: Starting full system upgrade...
resolving dependencies...
looking for conflicting packages...

Packages (3) linux-4.13.3-1 nvidia-340xx-340.104-1
nvidia-340xx-utils-340.104-1

Total Installed Size: 229.73 MiB
Net Upgrade Size: 2.25 MiB

:: Proceed with installation? [Y/n]
(3/3) checking keys in keyring [######################] 100%
(3/3) checking package integrity [######################] 100%
(3/3) loading package files [######################] 100%
(3/3) checking for file conflicts [######################] 100%
(3/3) checking available disk space [######################] 100%
:: Running pre-transaction hooks...
(1/1) Remove DKMS modules
==> No kernel 4.12.4-1-ARCH headers. You must install them to use DKMS!
==> No kernel 4.12.4-1-ARCH headers. You must install them to use DKMS!
:: Processing package changes...
(1/3) upgrading linux [######################] 100%
>>> Updating module dependencies. Please wait ...
(2/3) upgrading nvidia-340xx-utils [######################] 100%
If you run into trouble with CUDA not being available, run nvidia-modprobe first.
(3/3) upgrading nvidia-340xx [######################] 100%
In order to use nvidia module, reboot the system.
:: Running post-transaction hooks...
(1/4) Install DKMS modules
==> dkms install vboxguest/5.1.28_OSE -k 4.13.3-1-ARCH
==> dkms install vboxhost/5.1.28_OSE -k 4.13.3-1-ARCH
(2/4) Updating linux initcpios
==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'default'
-> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux.img
==> Starting build: 4.13.3-1-ARCH
-> Running build hook: [base]
-> Running build hook: [udev]
-> Running build hook: [autodetect]
-> Running build hook: [modconf]
-> Running build hook: [block]
-> Running build hook: [filesystems]
-> Running build hook: [keyboard]
-> Running build hook: [fsck]
-> Running build hook: [consolefont]
-> Running build hook: [keymap]
==> Generating module dependencies
==> Creating gzip-compressed initcpio image: /boot/initramfs-linux.img
==> Image generation successful
==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'fallback'
-> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux-fallback.img -S autodetect
==> Starting build: 4.13.3-1-ARCH
-> Running build hook: [base]
-> Running build hook: [udev]
-> Running build hook: [modconf]
-> Running build hook: [block]
==> WARNING: Possibly missing firmware for module: wd719x
==> WARNING: Possibly missing firmware for module: aic94xx
-> Running build hook: [filesystems]
-> Running build hook: [keyboard]
-> Running build hook: [fsck]
-> Running build hook: [consolefont]
-> Running build hook: [keymap]
==> Generating module dependencies
==> Creating gzip-compressed initcpio image: /boot/initramfs-linux-fallback.img
==> Image generation successful
(3/4) Arming ConditionNeedsUpdate...
(4/4) Updating the desktop file MIME type cache...
$

$ pacman -Q linux-headers
linux-headers 4.13.3-1

reboot

[$ pwd
/home/bartosz
$ cd firma

$ ls -la
total 16
drwxr-xr-x 2 bartosz bartosz 4096 Dec 14 2016 .
drwx------ 87 bartosz bartosz 12288 Oct 6 09:03 ..

$ cd ..
$ sudo mount -t cifs -o user=bartosz,uid=bartosz,gid=bartosz,file_mode=0003,dir_mode=0007 //xxx.yyy.zzz.www/firma /home/bartosz/firma
[sudo] password for bartosz:
Password for bartosz@//xxx.yyy.zzz.www/firma:

$ df -h
Filesystem Size Used Avail Use% Mounted on
dev 3.9G 0 3.9G 0% /dev
run 4.0G 804K 4.0G 1% /run
/dev/sda2 292G 229G 49G 83% /
tmpfs 4.0G 0 4.0G 0% /dev/shm
tmpfs 4.0G 0 4.0G 0% /sys/fs/cgroup
tmpfs 4.0G 8.0K 4.0G 1% /tmp
/dev/sda1 504M 43M 436M 9% /boot
tmpfs 800M 8.0K 800M 1% /run/user/1000
//xxx.yyy.www.zzz/firma 915G 445G 471G 49% /home/bartosz/firma

$ cd firma

$ ls -la firma
ls: cannot open directory 'firma': Permission denied
[ ~]$ sudo ls -la firma
total 12
d------rwx 2 bartosz bartosz 0 Dec 14 2016 .
drwx------ 87 bartosz bartosz 12288 Oct 6 09:03 ..
d------rwx 2 bartosz bartosz 0 Jan 20 2014 .Trash-1000
d------rwx 2 bartosz bartosz 0 Feb 3 2015 .Trash-1001
d------rwx 2 bartosz bartosz 0 Aug 13 2015 .Trash-1004
d------rwx 2 bartosz bartosz 0 Jul 7 2015 KOSZ_SIECIOWY
d------rwx 2 bartosz bartosz 0 Oct 4 10:44 xxx
[...]
He looking like dont working option -o user=bartosz but root can go to directory.
But I'm mount 4 other directory in this same settting but all working ;)

$ sudo mount -t cifs -o user=bartosz,uid=bartosz,gid=bartosz,file_mode=0003,dir_mode=0007 //xxx.yyy.zzz.www/samba /home/bartosz/samba
[sudo] password for bartosz:
Password for bartosz@//xxx.yyy.zzz.www/samba:

$ df -h
Filesystem Size Used Avail Use% Mounted on
dev 3.9G 0 3.9G 0% /dev
run 4.0G 796K 4.0G 1% /run
/dev/sda2 292G 229G 49G 83% /
tmpfs 4.0G 0 4.0G 0% /dev/shm
tmpfs 4.0G 0 4.0G 0% /sys/fs/cgroup
tmpfs 4.0G 24K 4.0G 1% /tmp
/dev/sda1 504M 43M 436M 9% /boot
tmpfs 800M 8.0K 800M 1% /run/user/1000
//xxx.yyy.www.zzz/firma 915G 445G 471G 49% /home/bartosz/firma
//xxx.yyy.www.zzz/samba 915G 445G 471G 49% /home/bartosz/samba

$ cd samba
bash: cd: samba: Permission denied

$ umount samba

$ cd samba

$ cd ..

$ sudo mount -t cifs -o user=bartosz //xxx.yyy.zzz.www/samba /home/bartosz/samba
Password for bartosz@//xxx.yyy.zzz.www/samba:

$ cd samba

$ ls -la
total 12
drwxr-xr-x 2 root root 0 Sep 15 13:50 .
drwx------ 87 bartosz bartosz 12288 Oct 6 09:06 ..
drwxr-xr-x 2 root root 0 Oct 30 2013 .Trash-1000
drwxr-xr-x 2 root root 0 Aug 16 12:02 biblioteka
[...]

$ cd ..

$ ls -la |grep firma
d------rwx 2 bartosz bartosz 0 Dec 14 2016 firma


[ ~]$ umount samba
[ ~]$ cd samba
[ samba]$ ls
[ samba]$ cd ..

[ ~]$ sudo mount -t cifs -o user=bartosz,file_mode=0003,dir_mode=0007 //xxx.yyy.zzz.www/samba /home/bartosz/samba
[sudo] password for bartosz:
Password for bartosz@//xxx.yyy.zzz.www/samba:

[ ~]$ cd samba

[ samba]$ ls -la
total 12
d------rwx 2 root root 0 Sep 15 13:50 .
drwx------ 87 bartosz bartosz 12288 Oct 6 09:06 ..
d------rwx 2 root root 0 Oct 30 2013 .Trash-1000
d------rwx 2 root root 0 Aug 16 12:02 biblioteka
d------rwx 2 root root 0 Aug 22 10:13 elektronika
[...]

When back to kernel 4.12.4-1-x86_64 all option uid and git work property.
Sombady know what is wrong with kernel 4.13.3-1-x86_64 ?
This task depends upon

Closed by  Sven-Hendrik Haase (Svenstaro)
Thursday, 03 March 2022, 11:55 GMT
Reason for closing:  No response
Additional comments about closing:  2022-02-27: A task closure has been requested. Reason for request: No response in years. Assuming fixed upstream.
Comment by Bartosz Bartczak (batot) - Friday, 06 October 2017, 08:18 GMT
In kernel 4.12.4-x86_64 past mount "sudo mount -t cifs -o user=bartosz,file_mode=0003,dir_mode=0007 //xxx.yyy.zzz.www/samba /home/bartosz/samba" i have problme to premision read many files.
OMG too many problem for my head.
Please repair this.
This kernel change permission to access file.
Comment by AK (Andreaskem) - Friday, 06 October 2017, 08:51 GMT
Might be because the default cifs version was changed from the insecure 1.0 default?

https://lkml.org/lkml/2017/9/3/155

"While we've had lots of changes all over (4.13 was not particularly
big, but even a "solidly average" release is not exactly small), one
very _small_ change merits some extra attention, because it's one of
those very rare changes where we change behavior due to security
issues, and where people may need to be aware of that behavior change
when upgrading.

This time it's not really a kernel security issue, but a generic
protocol security issue.

The change in question is simply changing the default cifs behavior:
instead of defaulting to SMB 1.0 (which you really should not use:
just google for "stop using SMB1" or similar), the default cifs mount
now defaults to a rather more modern SMB 3.0.

Now, because you shouldn't have been using SMB1 anyway, this shouldn't
affect anybody. But guess what? It almost certainly does affect some
people, because they blithely continued using SMB1 without really
thinking about it.

And you certainly _can_ continue to use SMB1, but due to the default
change, now you need to be *aware* of it. You may need to add an
explicit "vers=1.0" to your mount options in /etc/fstab or similar if
you *really* want SMB1.

But if the new default of 3.0 doesn't work (because you still use a
pterodactyl as a windshield wiper), before you go all the way back to
the bad old days and use that "vers=1.0", you might want to try
"vers=2.1". Because let's face it, SMB1 is just bad, bad, bad.

Anyway, most people won't notice at all. And the ones that do notice
can check their current situation (just look at the output of "mount"
and see if you have any cifs things there), and you really should
update from the default even if you are *not* upgrading kernels."
Comment by Bartosz Bartczak (batot) - Friday, 06 October 2017, 09:59 GMT
Thanks for reply.
But in version CIFS 2.1still not working.

$ sudo mount -t cifs -o user=bartosz,uid=bartosz,gid=bartosz,file_mode=0003,dir_mode=0007,vers=2.1 //xxx.yyy.zzz.www/firma /home/bartosz/firma
Password for bartosz@//xxx.yyy.zzz.www/firma:
~]$ cd firma
bash: cd: firma: Permission denied


Maybe give me hint what do you need to do to work?
Yes I know can downgrade kernel, but if don't wont downgrade?
How use samba in actual server?
Comment by loqs (loqs) - Friday, 06 October 2017, 10:17 GMT
If you use the insecure vers=1.0?
Comment by Bartosz Bartczak (batot) - Friday, 06 October 2017, 10:29 GMT
But if you wont use secure version example ver=2.1 or higher?
Comment by Bartosz Bartczak (batot) - Friday, 06 October 2017, 14:03 GMT
I find procedure how fix.
Something wrong is with "mount -t cifs -u vers=2.1(...)"
when this same line use "mount.cifs -o vers=2.1...." all worked good.

"mount -t cifs" is broken.
Good luck.
Comment by Martin Wallin (guzzard) - Friday, 27 October 2017, 22:54 GMT
I have the same issue with cifs mount ownership being set to root with 4.13.x. If I boot with an older kernel, -lts for example, everything works fine..

I can get rw access by setting uid=username,gid=username in the options, but that was not needed before.

both mount -t cifs and mount.cifs working for me.

Error seen in journal when mounting:
kernel: CIFS VFS: ioctl error in smb2_get_dfs_refer rc=-2
Comment by Martin Wallin (guzzard) - Saturday, 28 October 2017, 08:46 GMT Comment by Andreas Radke (AndyRTR) - Tuesday, 10 December 2019, 10:16 GMT
Is this still an issue?

Loading...