Home / server / Questions / 907501
In Process
Shadur
Asked: 2018-04-14 02:53:28 +0800 CST

sharing a S3 storage mount via samba: Permission denied

  • 772

At work we've recently deployed several S3 storage servers. However, not all of our customers have the ability to work with S3 storage due to old hardware/software.

We tried to work around the problem by creating a samba "proxy" that mounts the S3 storage devices, then shares that mount to the windows network.

Both samba and s3fs seem to be configured correctly; I can mount the S3 storage points, and I can turn directories into samba shares. However, when I try to make a samba share out of the s3fs mount point, windows reports a "permission denied".

samba.log isn't terribly more informative, merely saying chdir (/s3mounts/dvoijen) failed, reason: Permission denied

I've tried setting the umask in fstab to 000, but it's had no effect.

Relevant fstab line:

dvoijen     /s3mounts/dvoijen                   fuse.s3fs  _netdev,noauto,url=https://s3-eu01.{redacted}/,passwd_file=/etc/passwd-s3fs-dvoijen,umask=000 0 0

Relevant smb.conf block:

[dvoijen]
    comment = S3 bucket dvoijen
    path = /s3mounts/dvoijen/
    valid users = "@SYSTEMECCLOUD\Domain Admins"
    admin users = "@SYSTEMECCLOUD\Domain Admins"
    force group = "Domain Admins"
    browseable = yes
    writable = yes
    read only = no
    inherit acls = yes         
    inherit permissions = yes
    force create mode = 0660
    create mask = 0777
    directory mask = 0777
    force directory mode = 0770
    access based share enum = yes
    hide unreadable = yes

(Yes, I know, possible security issues, we'll worry about those once we have it working and before it's deployed into production)

I'm pretty sure I'm missing something painfully obvious, but I can't figure out what.

UPDATE: In an effort to eliminate possible errors, we moved the samba share to /s3mounts/, which works fine, except that opening the share doesn't show the mount point when it's mounted (it's visible when the S3 bucket isn't mounted to it). I'm now more and more convinced I'm missing a permission issue somewhere, but what?

New config:

[s3mounts]
    comment = S3 buckets
    path = /s3mounts/
    valid users = "@SYSTEMECCLOUD\Domain Admins"
    admin users = "@SYSTEMECCLOUD\Domain Admins"
    force group = "Domain Admins"
    browseable = yes
    writable = yes
    read only = no
    inherit acls = yes         
    inherit permissions = yes
    force create mode = 0660
    create mask = 0777
    directory mask = 0777
    force directory mode = 0770
    access based share enum = yes
    hide unreadable = yes

EDIT 2 The problem's been resolved; I'll post the fix as soon as I'm sure why what I did worked.

debian

0 Answers