cifs: setting times of `file1': Operation not permitted

[ljubom]

Hi,

I have a WD MyBook World NAS share mounted with following options (I tried also other options):

Code:

 cifs nouser,atime,auto,rw,nodev,noexec,nosuid,nodfs,nounix,guest,uid=0,gid=0,file_mode=0777,dir_mode=0777

The cp -a, touch, etc. commands can change the file time if the root is executing the command (means NAS supports time changing), but as an user I can't change the file time - with an exception changing of the time to the current time. For an illustration see below:

Code:

.../tmp> ls -la
total 0
drwxrwxrwx 1 root root 0 2010-03-14 09:18 ./
drwxrwxrwx 8 root root 0 2010-03-13 22:33 ../
-rwxrwxrwx 1 root root 0 2010-03-14 09:13 file1*

.../tmp> sudo touch -t 199901010101 file1
[sudo] password for user: 

.../tmp> ls -la
total 0
drwxrwxrwx 1 root root 0 2010-03-14 09:18 ./
drwxrwxrwx 8 root root 0 2010-03-13 22:33 ../
-rwxrwxrwx 1 root root 0 1999-01-01 01:01 file1*

.../tmp> touch file1

.../tmp> ls -la
total 0
drwxrwxrwx 1 root root 0 2010-03-14 09:18 ./
drwxrwxrwx 8 root root 0 2010-03-13 22:33 ../
-rwxrwxrwx 1 root root 0 2010-03-14 09:19 file1*

.../tmp> touch -t 199901010101 file1
touch: setting times of `file1': Operation not permitted

Any ideas?

BTW, the same question was posted also on ubuntuforums.org.

My Linux distribution is kubuntu 9.04, kernel 2.6.28-18.

Thanks,
ljubom

[scathefire]

is selinux on?

[ljubom]

is selinux on?

AFAIK selinux is disabled:

Code:

.../tmp> getenforce 
Disabled

.../tmp> sudo touch -t 199901010101 file1
[sudo] password for user: 

.../tmp> touch -t 199901010101 file1
touch: setting times of `file1': Operation not permitted

.../tmp> touch file1

.../tmp>

[scathefire]

try using the no_root_squash in your /etc/exports on the NAS box

[ljubom]

try using the no_root_squash in your /etc/exports on the NAS box

I will try it - but it wonders me that the /etc/exports is also read by samba / cifs - I tought it is NFS only.

[scathefire]

my bad, i must've overlooked you are using samba. what do your samba configs look like? where exactly are you mounting at on your system?

[ljubom]

my bad, i must've overlooked you are using samba. what do your samba configs look like? where exactly are you mounting at on your system?

I do not think that the problem is on the server because I can set the time stamp to the current time with the touch command also as a normal user - only setting the time stamp to an old time is not working properly, see the first post in the thread.
However, here are the NAS server samba settings:

Code:

/etc/samba # cat smb.conf 
[global]
  workgroup = WORKGROUP
  realm = WORKGROUP
  netbios name = MyBookWorld
  server string = My Book World Edition Network Storage
  load printers = no
  printing = bsd
  printcap name = /dev/null
  disable spoolss = yes
  log file = /var/log/samba/log.smbd
  max log size = 50
  max xmit = 65536
  dead time = 15
  security = user
  auth methods = guest, sam_ignoredomain, winbind:ntdomain
  encrypt passwords = yes
  create mask = 0664
  directory mask = 0775
  local master = no
  socket options = TCP_NODELAY SO_RCVBUF=65536 SO_SNDBUF=65536
  use mmap = yes
  use sendfile = yes
  dns proxy = no
  idmap uid = 10000-65000
  idmap gid = 10000-65000
  dont descend = /proc,/dev,/etc
  admin users = 
  null passwords = yes
  map to guest = bad user
  guest account = nobody
  include = /usr/private/user_smb_conf/.overall_share
[Configuration]
  path = /Configuration
  comment = System Configuration
  public = yes
  browseable = yes
  writable = no
  guest ok = yes
/etc/samba # 
/etc/samba # 
/etc/samba # cat /usr/private/user_smb_conf/.overall_share
[Public]
  path = /DataVolume/Public
  comment = Public Share
  preallocate = yes
  public = yes
  browseable = yes
  writable = yes
  guest ok = yes
  map read only = no
[Download]
  path = /DataVolume/Download
  comment = Download Share
  preallocate = yes
  public = yes
  browseable = yes
  writable = yes
  guest ok = yes
  map read only = no
[test]
  path = /DataVolume/test
  comment = Test share
  preallocate = yes
  public = yes
  browseable = yes
  writable = yes
  guest ok = yes
  map read only = no
/etc/samba #

Mount point is in /media/new directory (all rights are rwx, see the first post)

[scathefire]

i wonder....

Code:

info touch

If changing both the access and modification times to the current
time, `touch' can change the timestamps for files that the user running
it does not own but has write permission for. Otherwise, the user must
own the files.

[ljubom]

Thanks scathefire! This is the source of the problem - it has nothing to do with cifs (in the first line).

Code:

/tmp> sudo touch file1
[sudo] password for user: 
/tmp> ls -l file1
-rw-r--r-- 1 root root 0 2010-03-23 22:26 file1
/tmp> touch file1
touch: cannot touch `file1': Permission denied
/tmp> sudo chmod a+rwx file1
/tmp> touch file1
/tmp> touch -t 199901010101 file1
touch: setting times of `file1': Operation not permitted
/tmp> touch file1
/tmp> sudo touch -t 199901010101 file1
/tmp>

Now the question is - how to mount files so that they always belong to the process that is currently accessing the files. I checked man mount.cifs, but it seems that this is not possible (some other "mounts" are interpreting missing value for uid and gid as "use process owner").

The problem is namely not touch, but "cp -a" and "mv" - I have a NAS archive where I want to put pictures - and I do not want to loose creation/modification time of files. The NAS archive is shared by multiple users.

And, BTW, on a mounted FAT system there is no problem - I can touch also root files!?

[scathefire]

sounds like an interesting situation. only way i can think to accomplish it would be to be based upon permissions on the NAS itself, not the mounting on client end. on the nas box for whatever share perhaps you should explore the following options in samba:

Code:

force user
force group
acl map full control
create mode
directory mask

so when the share is mounted, it forces the user and group to be whatever you set inside of samba. of course you will have to apply the appropriate permissions to files/folders initially. but by using those it will control how new files, etc. are created on that share. you can also use create mask to set the initial permissions of created files and folders.