[linux-cifs-client] setuid does not work on CIFS filesystem?
simo
idra at samba.org
Fri Sep 12 13:07:15 GMT 2008
On Fri, 2008-09-12 at 08:04 -0400, Jeff Layton wrote:
> On Fri, 5 Sep 2008 12:49:58 -0700
> "Dhirakaosal, Suvidhean - ES/RDR -Gil" <Suvidhean.Dhirakaosal at itt.com>
> wrote:
>
> >
> > We have a setup where a Windows machine exports a shared folder to a
> > Linux box. This folder is mounted through mount.cifs. We are able to
> > access the files, but there are quirks here and there (i.e. symbolic
> > links are not supported on the cifs filesystem). Most importantly, we
> > can't set the sticky bit (i.e. chmod 4777 myBinary) on the executables
> > that are on the cifs filesystem.
> >
> > We'd like to be able to allow users to run the binaries with root
> > privileges and the shared binaries have to be on the Windows shared
> > drive.
> >
>
> Since windows doesn't have a real way to persistently store file modes,
> you're sort of out of luck here. You could mount the share with
> file_mode=04777, but that sounds like a really bad idea. You could also
> experiment with cifsacl support, but I'm not sure whether it supports
> setuid bits.
No MS windows ACLs has no field or concept that can map to setuid bits.
And given the hugely different security model I think it would be
extremely dangerous to think of setuid binaries residing on a windows
share.
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Senior Software Engineer at Red Hat Inc. <simo at redhat.com>
More information about the linux-cifs-client
mailing list