mount error(13): Permission denied

Server

[root@servera ~]# mkdir /data
[root@servera ~]# semanage fcontext -a -t samba_share_t "/data(/.*)?"
[root@servera ~]# restorecon -Rv /data/

[root@servera ~]# useradd zhangsan
[root@servera ~]# useradd lisi
[root@servera ~]# smbpasswd -a zhangsan
[root@servera ~]# smbpasswd -a lisi

[root@servera ~]# setfacl -m u:zhangsan:r-X /data/      # 该用户只能读，对于目录用大X，文件用小x
[root@servera ~]# setfacl -m d:u:zhangsan:r-X /data/
 
[root@servera ~]# setfacl -m u:lisi:rwX /data/
[root@servera ~]# setfacl -m d:u:lisi:rwX /data/

[root@servera ~]# getfacl /data/

[root@servera ~]# vim /etc/samba/smb.conf
[data]               # 最底部增加该段
        path = /data
        browseable = yes
        hosts allow = 172.25.250.0/24
        write list = lisi        # lisi用户可以写入
 
[root@servera ~]# systemctl restart smb.service 

Client

[root@serverb ~]# useradd zhangsan

[root@serverb ~]# yum -y install cifs-utils.x86_64
# 创建在serverb上的挂载点
[root@serverb ~]# mkdir /mnt/multi
 
[root@serverb ~]# vim /root/pass.txt
username=zhangsan
password=123456

[root@serverb ~]# chmod 600 pass.txt
[root@serverb ~]# vim  /etc/fstab 
....
  ....  在最后添加如下内容
//servera.lab.example.com/data  /mnt/multi  cifs  cred=/root/pass.txt,multiuser  0 0 
注：各选项需通过 man mount.cifs查询

[root@serverb ~]# mount -a
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)


# 解决
到Server端重新修改zhangsan用户的密码，和pass.txt中的密钥保持一致，而后再来挂载
[root@servera ~]# smbpasswd -a zhangsan
[root@serverb ~]# mount -a
[root@serverb ~]# df -Th /mnt/multi/
Filesystem                     Type  Size  Used Avail Use% Mounted on
//servera.lab.example.com/data cifs   10G  2.3G  7.8G  23% /mnt/multi


# 又一个报错
[root@serverb ~]# su - lisi
Last login: Thu Jul  2 16:58:02 CST 2020 on pts/0
[wolferyne@serverb ~]$ cifscreds add servera            # 添加servera
Password:                                               # 密码是123456
[wolferyne@serverb ~]$ echo '12345' > /mnt/multi/opop
-bash: /mnt/multi/opop: Permission denied

# 解决
注：由于第一次输错了servera的密码，所以需要清理下
[wolferyne@serverb ~]$ cifscreds --help
cifscreds: unrecognized option '--help'
Usage:
	cifscreds add [-u username] [-d] 
	cifscreds clear [-u username] [-d] 
	cifscreds clearall 
	cifscreds update [-u username] [-d] 

[wolferyne@serverb ~]$ cifscreds clearall                  # 清理所有添加进来的cred
You have no stashed cifs credentials
If you want to add them use:
	cifscreds add
[wolferyne@serverb ~]$ cifscreds add servera               # 重新添加
Password: 
[wolferyne@serverb ~]$ echo '12345' > /mnt/multi/opop      # 再来测试
[wolferyne@serverb ~]$ cat /mnt/multi/opop
12345