What's the difference between "file_mode,dir_mode" and "gid" when mounting a CIFS share?

linux permissions ubuntu mount samba

I'm trying to mount a Windows 10 share on xubuntu 16.04 using /etc/fstab and I noticed that if I don't set file_mode=0777,dir_mode=0777 as parameters in /etc/fstab, users outside of root are unable to write to the share. This seemed like a security risk to me at first since I saw that 777 means that everyone should have permissions to read and write to the share which I didn't want. So I instead deleted those parameters, looks at the manual and instead set gid=1000 so only the users in that group would be able to write to the share. This didn't end up working at all so I put back the file_mode=0777 and dir_mode=0777 parameters into /etc/fstab and it worked just how I wanted it to work. According to thunar, users in group 1000 are able to r&w whilst "Others" don't have any access.

tl;dr: Why do you need the file_mode=0777 and dir_mode=0777 parameters in order to get proper permissions on a share? And if 0777 in octal permissions means everyone has access to it, then why does the parameter gid=1000 seem to override it?


According to mount.cifs man

       file_mode=arg
       If the server does not support the CIFS Unix extensions this
       overrides the default file mode.

       dir_mode=arg
       If the server does not support the CIFS Unix extensions this
       overrides the default mode for directories.
       
       gid sets the gid that will own all files or directories on the
       mounted filesystem when the server does not provide ownership
       information. It may be specified as either a groupname or a
       numeric gid. When not specified, the default is gid 0.

file_mode and dir_mode refers to file and directory permissions. I don't know what permissions the directory on where you are mounting Windows 10 Share has. I mean if you are mounting only in a root directory permission, others users will not have permissions on this, this is why only 0777 is working for others users.

I suggest you give change the owner and group owner of the mounted directory, so you can give permissions to others non-root users.

Related

openssl s_client allows connection while curl does not
How to see which package depends on the lib?
Are the rules for clearing Thunar's thumbnail cache set somewhere that the user can change?
How to do automatic 2FA with SSH/SCP on Windows (ideally using PuTTY+WinSCP)?
How to save anchor points in photoshop?
Small sized GPG command-line tool for Windows
"Mount" for .ISO's disappeared from context menu
Word Templates - how to make a document portable?
What would happen if I force installed a Linux driver into Mac OS X?
What's the advantage of buying an iMac over building a Hackintosh?
Why is it still not possible to cut files to paste them elsewhere in Catalina? [duplicate]
Does online gaming use data?