[linux-cifs-client] SUMMARY: Anyone can write to cifs mounted Samba share !?

Przemyslaw Tokarski tokarski at zpk.u.lodz.pl
Mon Jan 3 13:08:26 GMT 2005


Original question:

------------------------------------------------------------------------------

Hello !!

 I mounted a share from the Samba server via CIFS and was struck by one 
peculiar thing. Once the share is mounted any unprivileged uid can write 
to it. Steps that I followed:

 1. (as root) mount -t cifs -o username=user_1,password=user_1_password 
//sc/homes /local/mountpoint
 2. (as user_2) cd /local/mountpoint; mkdir aaa (succeeded). 
 3. Resulting mounted share as it appears on the local filesystem:

 drwx------  3 user_1 Domain Users  4096 Dec 16 10:44 /local/mountpoint


The underlying directory on which the cifs filesystem had been mounted is
owned by user 'root' and group 'root' and has a mode of 755.  I
double-checked that users 'user_1' and 'user_2' have different uids, however
both users belong to the same group: 'Domain Users'. 'unix extensions' are
enabled on the Samba server. I use Samba version 3.0.7 + LDAP on Red Hat 9
(both client and server), kernel version 2.4.20-31.9 (from Red Hat updates),
cifs version is 1.20c. 

Has anyone experienced such a behaviour? Please let me know. Any 
suggestions will be appreciated and I will summarize !!

Best regards
Przemyslaw Tokarski
Lodz, Poland

------------------------------------------------------------------------------

The answer from Steven French:

------------------------------------------------------------------------------

See the description of the cifs mount options "perm" vs. "noperm" in
fs/cifs/README

This is a key issue to understand and eventually make clearer in the
documentation.

Two issues to determine in understanding permission checking:
1) Which smb uid is being used for the request (controlled by the mount
that you use and whether you have turned on 
/proc/fs/cifs/MultiUserMount)
2) Whether perm checks are being done at the client (cifs vfs) and Samba
server (ie when the perm mount option is enabled) or just at the Samba
server (when the noperm option is enabled)

Note that when you use the Linux extensions disabling perm checking may
make sense if the uids on client and server don't match since the uids
used by the client call to generic_permission won't make much sense
against a uid owner of a file that the client does not know about.

If you have multiuser mount enabled (for which I need more feedback and
testing) then if you have two mounts to the server as different users, I
will attempt to use the smb uid on network requests that matches the
local Linux uid you used to mount to that server with, that may be
helpful in conjunction with the above.  One of the pieces of code I need
is a way to use the new kernel event notification calls to call up to
kde or gnome utility to optionally prompt for a password if a user (who
has not smb authenticated) makes a request to access a share mounted by
someone else.

Note that it may be helpful to think about whether user mounts are
allowed when deciding whether to turn on multiusermounts - since it does
not do much good to mount unless cifs can detect a different uid.

------------------------------------------------------------------------------
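The two-stage decision described in the reply above (client-side mode check gated by perm/noperm, then the server checking whichever smb uid the mount puts on the wire), as an added Python model that is not code from the thread or from the cifs kernel module; the uids 1001/1002, the gid 513 and all function names are assumptions made for the example:

```python
from dataclasses import dataclass, field
W, X = 2, 1  # mode bits for write and search; mkdir needs both on the parent dir

@dataclass
class Inode:
    uid: int    # owner uid as the client sees it (unix extensions enabled)
    gid: int
    mode: int   # permission bits only, e.g. 0o700

@dataclass
class Mount:
    smb_user: str                # credential passed with username= at mount time
    perm: bool = True            # "perm": client checks too; "noperm": server only
    multiuser: bool = False      # models /proc/fs/cifs/MultiUserMount
    sessions: dict = field(default_factory=dict)  # local uid -> smb user logged in

def mode_check(inode, uid, groups, want):
    """generic_permission-style owner/group/other bit selection."""
    if uid == inode.uid:
        bits = inode.mode >> 6
    elif inode.gid in groups:
        bits = inode.mode >> 3
    else:
        bits = inode.mode
    return bits & want == want

def access(mount, inode, uid, groups, want, server_uids):
    """Outcome of a request by local `uid` on `mount` (hypothetical model)."""
    # Stage 1: client-side check, done only when the perm option is on.
    if mount.perm and not mode_check(inode, uid, groups, want):
        return "EACCES (client)"
    # Stage 2: choose the smb uid that goes on the wire.
    if mount.multiuser:
        smb_user = mount.sessions.get(uid)
        if smb_user is None:
            return "EACCES (no smb session for uid %d)" % uid
    else:
        smb_user = mount.smb_user
    # Stage 3: Samba checks against that smb user's server-side uid.
    if not mode_check(inode, server_uids[smb_user], set(), want):
        return "EACCES (server)"
    return "OK as " + smb_user

# Constructed scenario from the thread: homes dir owned by user_1, mode 700,
# group "Domain Users"; user_2 (different uid, same group) runs mkdir in it.
SERVER_UIDS = {"user_1": 1001, "user_2": 1002}
HOMES = Inode(uid=1001, gid=513, mode=0o700)

def scenario(perm, multiuser=False, sessions=None):
    m = Mount("user_1", perm=perm, multiuser=multiuser, sessions=sessions or {})
    return access(m, HOMES, uid=1002, groups={513}, want=W | X, server_uids=SERVER_UIDS)
```

With noperm the server only ever sees user_1's credential, so user_2's mkdir succeeds as user_1, which is the behaviour reported in the question; with perm the client refuses it first, and with the multiuser mount user_2 is refused until an smb session of its own exists.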

Thank you very much

Best regards to everyone on the list.

Przemyslaw Tokarski
Lodz, Poland
