[linux-cifs-client] Re: user umount
Richard Hughes
ee21rh at eim.surrey.ac.uk
Mon May 31 23:03:20 GMT 2004
Steve,

> With a cifs entry in fstab presumably (user or owner specified on the
> entry) users are already allowed unmount of cifs today (via umount) -
> albeit more restrictively than with a umount util.

I don't think this is true, well, not for the case of Fedora (rawhide) -
my shares will not umount without root access.

> If people are satisfied with the approach of setting umount.cifs
> setuid and doing an ioctl to get the kernel_uid_t of the mounter and
> matching it to the local processes uid_t, I could probably do
> something similar although my instinct is to do the matching in kernel
> - basically umount.cifs would ioctl into cifs to do the check and
> umount itself (perhaps limits races, but also eliminates the problem
> of differing sizes of uid_t and kernel_uid_t) - and the user space
> tool would only have to clean up mtab (if anything at all).

Lots of my system files have to be chmod+s'd so users can actually do
things - I don't see a problem there. I can see the benefit of ioctl'ing
into cifsd and unmounting, just from a simplicity viewpoint.
I have glanced at fs/jfs/jfs_umount.c, which might be worth a look.

> I could probably allow the admin to toggle user unmounts on to provide
> slightly more security - the utility would have to be present and the
> /proc/fs/cifs/umount_user would have to be set.

This is a GOOD idea. But probably best to have default on, so that joe
average doesn't have to google.

> smbfs has a umount utility but I don't know what the community thinks
> about its security.

If CIFS can't do everything smbfs can do - people can't migrate. Redhat
used to (I think still does) switch off smbfs in their default kernel
spec - so I think this umount functionality should be a priority. Plus I
need it to complete my corporate W2K => CIFS/Samba migration :-)

On a side note, CIFS is faster than ever, and I haven't had a transfer
problem in weeks.

Richard Hughes

On Mon, 2004-05-31 at 21:59, Steven French wrote:
> I don't provide a tiny user umount utility for cifs yet because I
> wanted time to think through the security implications. Ideas would be
> welcome. smbfs has a umount utility but I don't know what the
> community thinks about its security.
>
> With a cifs entry in fstab presumably (user or owner specified on the
> entry) users are already allowed unmount of cifs today (via umount) -
> albeit more restrictively than with a umount util.
>
> If people are satisfied with the approach of setting umount.cifs
> setuid and doing an ioctl to get the kernel_uid_t of the mounter and
> matching it to the local processes uid_t, I could probably do
> something similar although my instinct is to do the matching in kernel
> - basically umount.cifs would ioctl into cifs to do the check and
> umount itself (perhaps limits races, but also eliminates the problem
> of differing sizes of uid_t and kernel_uid_t) - and the user space
> tool would only have to clean up mtab (if anything at all). I could
> probably allow the admin to toggle user unmounts on to provide
> slightly more security - the utility would have to be present and the
> /proc/fs/cifs/umount_user would have to be set.
>
> Steve French
> Senior Software Engineer
> Linux Technology Center - IBM Austin
> phone: 512-838-2294
> email: sfrench at-sign us dot ibm dot com
>
> Richard Hughes <ee21rh at eim.surrey.ac.uk>
> 05/31/2004 05:29 AM
>
> To: Steven French/Austin/IBM at IBMUS, CIFS Development List <linux-cifs-client at lists.samba.org>
> Subject: user umount
>
> Steve,
>
> The user mount option works flawlessly on my (Fedora Core 2) linux
> machines, the only issue I have now is that when users log off, they
> cannot umount their own shares. e.g.
>
> user$ umount /mnt/home
> umount: only root can unmount //ns1/write from /mnt/ns1-write
>
> umount has +s bit set, and the mount option contained "user".
> Is this an issue for mount.cifs.c or a more generic redhat thing?
> I'm running 2.6.7rc2, cifs 1.16 fwiw.
>
>
> Richard Hughes
>
>
>
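
The uid-matching check discussed in this thread, as an added example (not code from cifs, umount.cifs or either poster): it compares the mounter's kernel-reported uid with the caller's real uid without truncating either, next to a naive 16-bit comparison that shows the size-mismatch hazard. The function names, the 16-bit width of the naive case, and the reading of the proposed /proc/fs/cifs/umount_user toggle as "1" meaning enabled are assumptions.

```c
/* Added illustration, not cifs or umount.cifs code. All names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Naive match: squeezes both ids into 16 bits, as a 16-bit uid type would. */
static int naive_match(uint64_t mounter_kuid, uid_t caller)
{
    return (uint16_t)mounter_kuid == (uint16_t)caller;
}

/* Assumption: the admin toggle file holds "1" when user unmounts are enabled. */
static int toggle_enabled(const char *toggle_text)
{
    return toggle_text != NULL && toggle_text[0] == '1';
}

/*
 * Decide whether the caller of a setuid helper may unmount.
 * mounter_kuid: mounter's uid as reported by the kernel (widest type).
 * caller:       REAL uid of the invoking process (getuid(), never geteuid(),
 *               which is 0 inside a setuid-root helper).
 */
static int may_user_umount(uint64_t mounter_kuid, uid_t caller,
                           const char *toggle_text)
{
    if (caller == 0)
        return 1;                   /* root may always unmount */
    if (!toggle_enabled(toggle_text))
        return 0;                   /* admin has not enabled user unmounts */
    if (mounter_kuid != (uint64_t)(uid_t)mounter_kuid)
        return 0;                   /* id does not fit uid_t: refuse, never truncate */
    return (uid_t)mounter_kuid == caller;
}

int main(void)
{
    uint64_t mounter = 66536;       /* constructed: 65536 + 1000 */
    uid_t other = 1000;             /* constructed: a different user */
    printf("naive: %d  strict: %d\n", naive_match(mounter, other),
           may_user_umount(mounter, other, "1\n"));
    printf("caller %lu on own mount: %d\n", (unsigned long)getuid(),
           may_user_umount((uint64_t)getuid(), getuid(), "1\n"));
    return 0;
}
```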