[linux-cifs-client] Improving auto.smb for user mounts

Joe Krahn krahn at niehs.nih.gov
Wed Jan 30 18:07:22 GMT 2008


simo wrote:
> On Tue, 2008-01-29 at 11:29 -0500, Joe Krahn wrote:
> 
>> My understanding is that Windows shares are designed for user-level
>> network connections, rather than system level auto-mounting, which is
>> why a new user requires a new session.
> 
> And this is the only sane option for network mounts unless you want to
> trust the client machine fully.
User-level access is usually better, but a system-level mount can be
useful in some cases, if the client can be fully trusted.
> 
>> But, POSIX is designed around
>> system-level network mounts, which is why Samba created smbsh in order
>> to emulate a user-level virtual network file system.
> 
> Not sure why you mention smbsh, anyway system-level mounts are not at
> odds with user authenticated connections.
Are you talking about a "file browser", or mapping user authenticated
connections to actual filesystem mount points?

> 
>> Don't you need to implement either a user-level virtual file system, or
>> user-level access for files in the same system-level network mount
>> point? Or, is the plan for each user to have their own "/smb" automount
>> base? All of these seem a bit 'fancy' to me. If it is already planned,
>> is there documentation somewhere discussing the design?
> 
> The kernel always knows which user is accessing a mount point so
> "roughly" all you need is to switch to the right user authenticated
> session depending on which user is making the specific request to the
> filesystem.
> This means a new authentication for each user walking a cifs mount
> point, but at least it does not mean a new connection as cifs can
> multiplex multiple sessions.
> 
> Simo.
This makes sense, but how do you present a different connection to
different users on the same mount point? I mention smbsh because it was
created to emulate this outside of the kernel. You are talking about
changes in the way the kernel interacts with the filesystem drivers, right?

Joe


More information about the linux-cifs-client mailing list