[linux-cifs-client] Unix Extensions & Limitations

Steven French sfrench at us.ibm.com
Mon Apr 25 19:04:42 GMT 2005





linux-cifs-client-bounces+sfrench=us.ibm.com at lists.samba.org wrote on
04/25/2005 01:28:57 PM:

> Hello,
>
> I am running into what looks like a limitation of mount.cifs - Is there
> a way to get mount.cifs to ignore unix extensions on a per-connection
> basis and not use the -o noparm option? The -o noparm option concerns me
> if used on a multiple user client. Has there ever been a discussion
> about implementing a UID mapping option? (ie: some way to say
> localuserX-UID=serveruserY-UID).
>
> The following scenario is a problem:
>
> Client (Linux) - Research machine
>  UID=111 for researcherA
>
> Server (Solaris)
>  UID=9999 for researchaccountX
>
> researcher A attempts:
> mount.cifs //server/researchaccountX /home/researcherA/researchaccountX
> -o username=researchaccountX,domain=WINDOM
>
> Researcher A is now unable to write to the mounted research account X.
>
> Now the -o noparm option is a bit of a security concern in that it
> allows any user on the Client to write to that directory. I suppose a
> work around is to make a parent directory for the mount and chmod it to
> 700.

Can you give me a pointer to a description of noparm?  I don't see
it in the man pages for mount and automount.


> Has there been any discussion on allowing a -o flag for mapping a
> local UID to a server UID? Or - have an option that would make
> mount.cifs behave like old 2.x mounts?

Yes.  This needs to be thought through.  Suggestions welcome.  NFSv4 has a
new uid mapping mechanism, as of course does the more general winbind
pam/nss module.  I don't much like the idea of the current nfsv4 specific
uid mapping mechanism, thus upcalling to the winbindd approach seems more
sensible - but I am open to suggestions.  The effects of enabling
/proc/fs/cifs/MultiUserMount also need to be explored more since that will
attempt to match the current uid against an authenticated smb uid (if
that particular uid has mounted to the server).  Also note that winbindd's
primary function is not really mapping a local uid to a remote uid - but it
can do mappings of SID to UID and SID to Name and a few other functions
that get us partway there - and note that running winbindd would not
require that pam/nss winbind libraries be installed (although that would
normally be the case) - so there might be cases in which we could leverage
functions in winbindd simply for mapping uids to name and sids to name
which might be helpful.

What would be extremely helpful is if someone could describe how the
current nfsv4 uid mapping daemon works so we don't discard the possibility
of some interoperability with their mechanism prematurely.