<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
> <i>Does it work if you change 'setuids' to 'suid'?</i><br>
<br>
No. Using "suid", the behavior is identical as "setuids".<br>
<br>
I was hoping to use either Samba over SSH, or else sshfs (Fuse),
for mounting these remote home dirs using SSH. But Samba's "setuids"
option is broke, and sshfs doesn't even have that option. Thus, I was
forced to set up an OpenVPN server and mount the homes with NFS over
OpenVPN. NFS sucks, and I hope the setuids option comes back. <br>
<br>
Getting offtopic, but for the archives: I had to use the NFS mount
options "soft,udp,retrans=0" so that I could log in if the VPN went
down. With those options, there's only a ~4 second delay before the
NFS gives up with an error. If you leave set it to "tcp", your SSH
shell will lock up for 5 minutes (when you log in and it tries to read
~/.bashrc), another 5 minutes if you accidentally type "ls", and
another 5 minutes if you hit [TAB] and it tries to do command-line
completion for you. You can tweak your TCP timeouts, but do you really
want to tweak TCP settings just to make NFS fail in a reasonable
fashion (and thus possibly break everything else)? And if you leave it
at the default "hard" instead of "soft", the system will lock up
indefinitely when you log in (trying to read ~/.bashrc).<br>
<br>
I love OpenVPN, but installing, configuring, generating certs,
copying certs to the client, testing, setting up monitoring, etc. was a
couple hours of work, compared to 5 minutes setting up an SSH tunnel
with my pre-existing key... and yet, OpenVPN was still less work than
trying to tunnel NFS over SSH (thanks to dynamic RPC ports, lockd,
etc.).<br>
<br>
<br>
Thanks,<br>
Derek<br>
<br>
On 05/29/2010 05:11 AM, Scott Lovenberg wrote:
<blockquote
cite="mid:AANLkTiniWDJBIeRs9Kno5KLMR0wrPe4WfK1vJsQcEtup@mail.gmail.com"
type="cite"><br>
<br>
<div class="gmail_quote">On Fri, May 28, 2010 at 4:12 PM, Derek
Simkowiak <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:dereks@realloc.net">dereks@realloc.net</a>></span>
wrote:
<blockquote class="gmail_quote"
style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I can mount it using these options in /etc/fstab... note the use of
"setuids" here:<br>
<br>
//cst6/testhome /testhome cifs
iocharset=utf8,credentials=/root/cst6_password.txt,setuids 0 0<br>
<br>
</blockquote>
<div>Does it work if you change 'setuids' to 'suid'?</div>
<div><br>
</div>
<blockquote class="gmail_quote"
style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Is there anything else I can try? Looking at this earlier post, it
seems like maybe "setuids" is not even a supported option anymore...?<br>
<br>
<a moz-do-not-send="true"
href="http://lists.samba.org/archive/linux-cifs-client/2010-March/005600.html"
target="_blank">http://lists.samba.org/archive/linux-cifs-client/2010-March/005600.html</a><br>
<br>
</blockquote>
<div>The client code has been moved out of the samba package
recently. In the current release of the client (the client is now
released separately from the samba suite, but the two aren't in sync
yet) the setuid functionality is deprecated (but can still be enabled
at compile time). At the moment the option is being called 'legacy'; I
don't know if the functionality is being dropped or
upgraded/redesigned, though.</div>
</div>
<br clear="all">
<br>
-- <br>
Peace and Blessings,<br>
-Scott.<br>
<br>
</blockquote>
<br>
</body>
</html>