Getcifsacl does not work with CIFS mount versions 2 or 3

access-control-listcifsmount

When I mount CIFS share with vers=1.0 I can perform getcifsacl sucessfully.

# mount -t cifs //example.com/Users/milo /mnt/cifs -o vers=1.0
# getcifsacl /mnt/cifs/file.png

REVISION:0x1
CONTROL:0x8504
OWNER:S-1-5-21-1111111111-222222222-33333333-11824
GROUP:S-1-5-21-1111111111-222222222-33333333-513
ACL:S-1-5-21-1111111111-222222222-33333333-11824:ALLOWED/I/FULL
ACL:S-1-5-21-1111111111-222222222-33333333-3200:ALLOWED/I/FULL
ACL:NT Authority\SYSTEM:ALLOWED/I/FULL

But when I mount with vers=2.0, or 2.1, or 3.0, ACL reading fails.

getxattr error: 95
REVISION:0x0
CONTROL:0x0

OS is Debian Stretch (9.6), cifs-utils package 2:6.7-1. CIFS share is from Nettapp data store. Mounts from Windows XP, 8, 10 works fine.

Why getcifsacl depends on SMB protocol version? Can I read ACL via newer SMB protocol?

Best Answer

To get it work, one need newer kernel and newer cifs-utils.

Reading an ACL by getcifsacl and setting it by setcifsacl with mount versions 2.0, 2.1 or 3.0 works well with kernel 4.19.0-0.bpo.1-amd64 (backport for Debian Strech) and cifs-utils version cifs-utils-6.8 (git tag). All utils work with kernel 4.20.4 too.

I received solution hints in samba-technical mailing list: https://lists.samba.org/archive/samba-technical/2019-January/132176.html

Related Solutions

Windows – Mount Remote CIFS/SMB Share as Folder

Just to map a network share directory you would use this command:

net use \\Server\ShareName\Directory

This mapping would:

not be persistent
would have to be established and authenticated at user login
you would access the share using the UNC path, and not a local drive letter

If you want to access the network share through a location on your local C: drive, you'll want to set up a symbolic link:

mklink /d  C:\Folder\ShareName \\Server\ShareName\Directory

Now when you navigate to C:\Folder\Share you'll see the contents of \\\Server\Sharename\Directory. You'll still need to provide authentication for the resource with something like net use (or just be logged into a domain account on a domain system that has access) otherwise the link will probably error out angrily.

Mount Return Code for CIFS mount

I cannot find anywhere in the source code where it exits with exit code of 1 without printing an error message first.

If you are getting any error messages, you need to add them to your question.

This is probably a bug but I have not been able to find a likely bug report for it.

What operating system are you running, and version of mount.cifs.

EDIT: Can you check the permissions are set so only root can read /root/cifsid as incorrect permissions may be causing this error.

Best Answer

Related Solutions

Windows – Mount Remote CIFS/SMB Share as Folder

Mount Return Code for CIFS mount

Related Topic