[linux-cifs-client] Re: Anyone can write to cifs mounted Samba share !?

Przemyslaw Tokarski tokarski at zpk.u.lodz.pl
Wed Dec 22 09:19:26 GMT 2004 


> See the description of the cifs mount options "perm" vs. "noperm" in
> fs/cifs/README
> 
> This is a key issue to understand and eventually make clearer in the
> documentation.
> 
> Two issues to determine in understanding permission checking:
> 1) Which smb uid is being used for the request (controlled by the mount
> that you use and whether you have turned on 
> /proc/fs/cifs/MultiUserMount)
> 2) Whether perm checks are being done at the client (cifs vfs) and Samba
> server (ie when the perm mount option is enabled) or just at the Samba
> server (when the noperm option is enabled)
> 
> Note that when you use the Linux extensions disabling perm checking may
> make sense if the uids on client and server don't match since the uids
> used by the client call to generic_permission won't make much sense
> against a uid owner of a file that the client does not know about.
> 
> If you have multiuser mount enabled (for which I need more feedback and
> testing) then if you have two mounts to the server as different users, I
> will attempt to use the smb uid on network requests that matches the
> local Linux uid you used to mount to that server with, that may be
> helpful in conjunction with the above.  One of the pieces of code I need
> is a way to use the new kernel event notification calls to call up to
> kde or gnome utility to optionally prompt for a password if a user (who
> has not smb authenticated) makes a request to access a share mounted by
> someone else.
> 
> Note that it may be helpful to think about whether user mounts are
> allowed when deciding whether to turn on multiusermounts - since it does
> not do much good to mount unless you cifs can detect a different uid.
> 
> 
> 
> 

...thank you ver much for a fast response. I'll check that out as soon as 
I can and then summarize (I'm currently busy with something else). I have 
to admit one thing however. It appeared that I`ve been using previous 
version of cifs (1.0....) - sorry about that. I tried to mout cifs share 
feeding 'perm' option to the 'mount' command and that option obviously 
had not been recognized. 

Best regards and Merry Christmas to all list members

Przemyslaw Tokarski
Lodz, Poland

More information about the linux-cifs-client mailing list