203 - Wie funktioniert der Zugriff auf den Cloud Storage unter Linux?

Note: You must be located in the Munich Scientific Network or connected to it via VPN to access the Cloud Storage.

Since16.12.2022, access is only supported for the SMB3 protocol or newer. Access for SMB1 and SMB2 has been disabled for security reasons!

Supported operating system versions

Official support exists for SUSE Linux Enterprise Desktop 12. Other versions (e.g. other Linux distributions and other Unix distributions such as Solaris) also work, but cannot be fully supported.

Mount drive under Linux

Newer Linux kernels of version 2.6+ have a CIFS file system module. Most distributions also require the "cifs-utils" package to mount SMB shares. This allows the personal storage space of the LRZ Cloud Storage to be mounted as follows:

sudo mount -t cifs //nas.ads.mwn.de/<share_name> <mountpoint> -o username=<lrz-kennung>,domain=ADS,nodfs

where <mountpoint> is the path to the directory on the local machine within which the files of the <share> named <share_name> will be mounted locally.

For example, the <mountpoint> could be specified as: /home/ne23mek/online_data. Here the files of the <share> in the home directory of the user ne23mek would be mounted with the LRZ identifier <lrz-identifier> in the folder online_data.

It may be necessary to specify a UID and a GID of the local user when mounting, e.g. if it is not possible to write to the storage after mounting:

sudo mount -t cifs //nas.ads.mwn.de/<share_name> <mountpoint> -o username=<lrz-kennung>,domain=ADS,nodfs,uid=<UID>,gid=<GID>

However, mounting only works if you have root privileges. In Linux, for example, the command entry could look like this (with some client versions the option "vers=" must also be specified! Here at least "vers=3" better still "vers=3.1.1" should be used):

sudo mount -t cifs //nas.ads.mwn.de/ne23mek /home/ne23mek/online_daten -o username=ne23mek,domain=ADS,vers=3.1.1,nodfs

Because of the preceding sudo command, you must enter your password at the command line. Alternatively, the password could just as easily be read from an environment variable, from a file, or from a pipe (see the manpage for mount.cifs).

The access rights displayed by Linux (for example with an 'ls -l' command) of a CIFS share are practically meaningless, since access control already checks the ACLs on the server. In concrete terms, this means that each user has his own connection under his own identifier to a share (and not - as with NFS, for example - a mount point is shared).

Reading and setting ACLs under Linux is possible, but quite cumbersome. For this purpose the setcacls program can be used (man setcacls). To use setcacls it is not necessary to mount a file share.

Native home directories for Linux/Unix servers are currently not possible, because no NFS is offered and the CIFS clients do not support some Unix specialities (softlinks). However, as has already been seen, it is readily possible to provide personal storage or project storage as a subdirectory in the home directory by mounting. The CIFS semantics then cause no problems in the case of sharing e.g. Office documents.