+ Post New Thread
Results 1 to 13 of 13
*nix Thread, Chdir (/mountpath) failed, reason: permission denied in Technical; We seem to have an issue affecting just our staff members at the moment. Annoyingly the issue comes and goes ...
  1. #1
    mdench's Avatar
    Join Date
    Oct 2011
    Location
    Billingshurst
    Posts
    789
    Thank Post
    38
    Thanked 102 Times in 92 Posts
    Rep Power
    38

    Chdir (/mountpath) failed, reason: permission denied

    We seem to have an issue affecting just our staff members at the moment. Annoyingly the issue comes and goes and doesn't affect everyone. When they log in they will occasionally get a message saying your recycle bin in videos, pictures etc etc is corrupted would you like to empty it. We get this error message because the N:\ Drive (home drive) doesn't connect properly. Checking the logs on our file host we getting a permission denied error message when samba tries to change directory

    Code:
      Transaction 118 of length 116 (0 toread)
    [2013/11/27 10:29:10.640308,  3] smbd/process.c:1467(switch_message)
      switch message SMBtrans2 (pid 5158) conn 0x7f35f980dfd0
    [2013/11/27 10:29:10.640345,  3] smbd/service.c:190(set_current_service)
      chdir (/mount/msa1-enc2-fs2/documents/staff) failed, reason: Permission denied
    [2013/11/27 10:29:10.640376,  3] smbd/error.c:81(error_packet_set)
      error packet at smbd/process.c(1558) cmd=50 (SMBtrans2) NT_STATUS_ACCESS_DENIED
    [2013/11/27 10:30:01.930566,  3] smbd/process.c:1662(process_smb)
      Transaction 119 of length 126 (0 toread)
    [2013/11/27 10:30:01.930644,  3] smbd/process.c:1467(switch_message)
      switch message SMBntcreateX (pid 5158) conn 0x7f35f980dfd0
    [2013/11/27 10:30:01.930709,  3] smbd/service.c:190(set_current_service)
      chdir (/mount/msa1-enc2-fs2/documents/staff) failed, reason: Permission denied
    [2013/11/27 10:30:01.930741,  3] smbd/error.c:81(error_packet_set)
      error packet at smbd/process.c(1558) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED
    [2013/11/27 10:30:07.572040,  3] smbd/process.c:1662(process_smb)
      Transaction 120 of length 126 (0 toread)
    [2013/11/27 10:30:07.572100,  3] smbd/process.c:1467(switch_message)
      switch message SMBntcreateX (pid 5158) conn 0x7f35f980dfd0
    [2013/11/27 10:30:07.572143,  3] smbd/service.c:190(set_current_service)
      chdir (/mount/msa1-enc2-fs2/documents/staff) failed, reason: Permission denied
    [2013/11/27 10:30:07.572173,  3] smbd/error.c:81(error_packet_set)
      error packet at smbd/process.c(1558) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED
    [2013/11/27 10:30:15.618213,  3] smbd/process.c:1662(process_smb)
      Transaction 121 of length 150 (0 toread)
    [2013/11/27 10:30:15.618279,  3] smbd/process.c:1467(switch_message)
      switch message SMBntcreateX (pid 5158) conn 0x7f35f980dfd0
    [2013/11/27 10:30:15.618324,  3] smbd/service.c:190(set_current_service)
      chdir (/mount/msa1-enc2-fs2/documents/staff) failed, reason: Permission denied
    [2013/11/27 10:30:15.618354,  3] smbd/error.c:81(error_packet_set)
      error packet at smbd/process.c(1558) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED
    [2013/11/27 10:30:15.619220,  3] smbd/process.c:1662(process_smb)
    We have given full permissions to the directory in the hope that would solve it but it hasn't

    Code:
    max@neo:/mount/msa1-enc2-fs2/documents$ ls -lh
    total 24K
    drwxrwx---+ 265 root domain users 8.0K Oct 26 15:10 intake12
    drwxrwxrwx+ 676 root domain users  16K Nov 19 09:25 staff
    If the user then logs out and back in again it will generally work. I spent most of Tuesday logging in and out of a pc and it took 26 attempts before it finally through the error.

    Anybody got any bright ideas?
    Last edited by mdench; 28th November 2013 at 10:00 AM.

  2. #2
    mdench's Avatar
    Join Date
    Oct 2011
    Location
    Billingshurst
    Posts
    789
    Thank Post
    38
    Thanked 102 Times in 92 Posts
    Rep Power
    38
    bump...

  3. #3
    mdench's Avatar
    Join Date
    Oct 2011
    Location
    Billingshurst
    Posts
    789
    Thank Post
    38
    Thanked 102 Times in 92 Posts
    Rep Power
    38
    nobody?

  4. #4

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    1,968
    Thank Post
    112
    Thanked 489 Times in 335 Posts
    Blog Entries
    2
    Rep Power
    283
    Is the time on the server(s) accurate?

    Does wbinfo -t from the server show any erorrs?

    Does wbinfo -g show AD groups?
    Last edited by jinnantonnixx; 3rd December 2013 at 10:42 AM.

  5. #5


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Is it running SELinux?
    9/10 problems I have which manifest as "permission denied" are usually SELinux (or ubuntu's equivalent)

  6. #6
    mdench's Avatar
    Join Date
    Oct 2011
    Location
    Billingshurst
    Posts
    789
    Thank Post
    38
    Thanked 102 Times in 92 Posts
    Rep Power
    38
    Quote Originally Posted by jinnantonnixx View Post
    Is the time on the server(s) accurate?

    Does wbinfo -t from the server show any erorrs?

    Does wbinfo -g show AD groups?

    Code:
    wbinfo -t
    checking the trust secret for domain DOMAINNAME via RPC calls succeeded
    time is correct and wbinfo -g is showing correct groups

  7. #7

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    1,968
    Thank Post
    112
    Thanked 489 Times in 335 Posts
    Blog Entries
    2
    Rep Power
    283
    In your smb.conf, under the relevent share(s) do you have writable=yes and write list = + ?

  8. #8
    mdench's Avatar
    Join Date
    Oct 2011
    Location
    Billingshurst
    Posts
    789
    Thank Post
    38
    Thanked 102 Times in 92 Posts
    Rep Power
    38
    Code:
    [global]
    # System Settings
     workgroup = DOMAIN
     server string = %h server (Samba, Ubuntu)
     log file = /var/log/samba/log.%m
     log level = 3
     max log size = 15000
     syslog = 1
     panic action = /usr/share/samba/panic-action %d
     deadtime = 10
     oplocks = yes
     kernel oplocks = yes
    
    # Domain Options
     security = ads
     realm = DOMAIN
     preferred master = no
     local master = no
     domain master = no
     encrypt passwords = yes
     dns proxy = no
     map to guest = Bad User
    
    # Clustering Options
     netbios aliases = matrix
    # clustering = yes
    # idmap backend = tdb2
    # fileid:mapping = fsid
    # vfs objects = fileid
    
    # SMBClient Options
     client ntlmv2 auth = yes
    
    # Winbind Options
     idmap config DOMAIN: default = yes
     idmap config DOMAIN: backend = rid
     idmap config DOMAIN: range = 100000-500000000
     idmap config * : range   = 70000-500000000
     winbind separator = +
     winbind enum users = no
     winbind enum groups = no
     winbind use default domain = yes
     winbind nested groups = yes
     winbind refresh tickets = true
     winbind offline logon = true
     winbind reconnect delay = 1
     template homedir = /dev/null
    
    # Unix Password Handling
     passdb backend = tdbsam
     obey pam restrictions = yes
     unix password sync = yes
     passwd program = /usr/bin/passwd %u
     passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n                                                                                                                                                              *password\supdated\ssuccessfully* .
     pam password change = yes
    
    # Printers
     load printers = no
     printing = cups
     printcap name = cups
     printcap cache time = 0
    
    # Networking
     socket options = TCP_NODELAY IPTOS_LOWDELAY
     max xmit = 16644
     use sendfile = true
     getwd cache = yes
     disable netbios = no
     smb ports = 445
    
    # ACL Permissions
    # store dos attributes, causes IE/Chrome Downloads not to automatically occur.
     nt acl support = yes
     inherit acls = yes
     map acl inherit = yes
     store dos attributes = yes
     map archive = no
     map hidden = yes
     map read only = yes
     map system = no
     inherit permissions = yes
    
    # Default Share Parameters
    # If a varible needs to be unset or changed, simply redefine it under the share.
     writeable      = yes
     browseable     = no
     available      = yes
     access based share enum = yes
     usershare allow guests = yes
     create mask     = 0774
     directory mask  = 0775
     admin users     = @"DOMAIN+Domain Admins" root
     valid users     = @"DOMAIN+Domain Users"
     hide files      = /*$RECYCLE.BIN/~$*/desktop.ini/
     veto files      = /*.cmd/*.exe/*.bat/*.java/desktop.ini/*.swf/*.msi/*.ani/*.dll                                                                                                                                                             /*.themepack/
    
    # Document Shares (/var/fshost/documents/)
    [intake05]
     path           = /var/fshost/documents/intake05
    
    [intake06]
     path           = /var/fshost/documents/intake06
    
    [intake07]
     path           = /var/fshost/documents/intake07
    
    [intake08]
     path           = /var/fshost/documents/intake08
    
    [intake09]
     path           = /var/fshost/documents/intake09
    
    [intake10]
     path           = /var/fshost/documents/intake10
    
    [intake11]
     path           = /var/fshost/documents/intake11
    
    [intake12]
     path           = /var/fshost/documents/intake12
    
    [intake13]
     path           = /var/fshost/documents/intake13
    
    [staff]
     path           = /var/fshost/documents/staff
     veto files     =
    
    # Resource Shares (/var/fshost/shares/)
    [staffshare]
     path           = /var/fshost/shares/staffshare
     valid users    = @"DOMAIN+All Weald Staff" @"DOMAIN+Domain Admins"
     veto files     =
    
    
    # Provides legacy alias
    [staff share]
     copy           = staffshare
    
    [pst]
     path           = /mount/msa1-enc2-fs1/marty
     valid users =
     guest ok = yes
    # valid users    = @"DOMAIN+All Weald Staff" @"DOMAIN+Domain Admins"
    
     #[studentshare]
     # path         = /var/fshost/shares/studentshare
     # veto files   = /*.msi/*.exe/*.msi/*.zip/*.jar/*.java/*.7z/
    
    [radioweald]
     path           = /var/fshost/shares/radioweald
     veto files     =
    
    [musictech]
     path           = /var/fshost/shares/musictech
     veto files     =

  9. #9

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    1,968
    Thank Post
    112
    Thanked 489 Times in 335 Posts
    Blog Entries
    2
    Rep Power
    283
    Try adding these lines to a sample share (e.g. intake 5) then testing that particular logon. You'll need to restart samba of course.

    e.g.

    [intake05]
    path = /var/fshost/documents/intake05
    write list=intake05
    writeable = yes
    browseable = yes
    read only = no


    This might be of use
    http://www.samba.org/samba/docs/using_samba/ch09.html
    Last edited by jinnantonnixx; 3rd December 2013 at 02:34 PM.

  10. #10
    mdench's Avatar
    Join Date
    Oct 2011
    Location
    Billingshurst
    Posts
    789
    Thank Post
    38
    Thanked 102 Times in 92 Posts
    Rep Power
    38
    Have tried in the past it makes no difference. It works 99% of the time just will randomly not a small number of staff into that directory

  11. #11


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    What are your extended attributes on /mount/msa1-enc2-fs2/documents ?

    do
    Code:
    getfacl /mount/msa1-enc2-fs2/documents
    and use setfacl to fix any permission problems.

  12. #12
    mdench's Avatar
    Join Date
    Oct 2011
    Location
    Billingshurst
    Posts
    789
    Thank Post
    38
    Thanked 102 Times in 92 Posts
    Rep Power
    38
    Code:
    root@neo:/mount/msa1-enc2-fs2# getfacl documents/
    # file: documents/
    # owner: root
    # group: root
    user::rwx
    group::r-x
    other::r-x
    
    root@neo:/mount/msa1-enc2-fs2# getfacl documents/staff/
    # file: documents/staff/
    # owner: root
    # group: domain\040users
    user::rwx
    group::---
    group:BUILTIN+administrators:rwx
    group:70006:rwx
    group:domain\040admins:rwx
    group:all\040weald\040staff:r-x
    group:trusted\040network\040data\040-\040security:r-x
    mask::rwx
    other::rwx
    default:user::rwx
    default:group::---
    default:group:BUILTIN+administrators:rwx
    default:group:70006:rwx
    default:group:domain\040admins:rwx
    default:group:all\040weald\040staff:r-x
    default:group:trusted\040network\040data\040-\040security:r-x
    default:mask::rwx
    default:other::---
    
    root@neo:/mount/msa1-enc2-fs2#

  13. #13


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    group::---

    try:

    setfacl -R -m group::rwx /mount/msa1-enc2-fs2/documents/staff

    to set the default for all groups to read/write/excecute recursively on staff directory.
    You could of course fine tune that by doing:
    setfacl -R -m group:"groupname":rwx /mount/msa1-enc2-fs2/documents/staff

    Also - I'm not sure if you can use "domain users" with samba - you might want to check that.

SHARE:
+ Post New Thread

Similar Threads

  1. FileSystemObject Folder why permission denied
    By NetworkGeezer in forum Coding
    Replies: 16
    Last Post: 2nd September 2011, 05:10 PM
  2. [SIMS] SQL migration "Login failed: Reason 0"
    By zag in forum MIS Systems
    Replies: 52
    Last Post: 16th January 2011, 03:15 PM
  3. Moodle Permission denied error
    By AhmetNuri in forum Virtual Learning Platforms
    Replies: 0
    Last Post: 21st February 2010, 03:14 PM
  4. SIMS Connection failed - Reason 2
    By mortstar in forum MIS Systems
    Replies: 23
    Last Post: 5th June 2008, 12:48 PM
  5. Replies: 2
    Last Post: 25th October 2007, 08:37 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •