[linux-cifs-client] setuid does not work on CIFS filesystem?

Dhirakaosal, Suvidhean - ES/RDR -Gil Suvidhean.Dhirakaosal at itt.com
Fri Sep 12 15:04:46 GMT 2008


Some how I was under the impression there was a way to modify mount.cifs
source to get it working.  The main reason for us trying to set the
sticky on binaries on a Windows FS is because we don't have support for
Clearcase with our Linux distro.  We will have to find some other
workaround.

Thanks for the info!
Suvi



-----Original Message-----
From: simo [mailto:idra at samba.org]
Sent: Friday, September 12, 2008 6:07 AM
To: Jeff Layton
Cc: Dhirakaosal, Suvidhean - ES/RDR -Gil;
linux-cifs-client at lists.samba.org
Subject: Re: [linux-cifs-client] setuid does not work on CIFS
filesystem?

On Fri, 2008-09-12 at 08:04 -0400, Jeff Layton wrote:
> On Fri, 5 Sep 2008 12:49:58 -0700
> "Dhirakaosal, Suvidhean - ES/RDR -Gil" <Suvidhean.Dhirakaosal at itt.com>
> wrote:
>
> >
> > We have a setup where a Windows machine exports a shared folder to a
> > Linux box.  This folder is mounted through mount.cifs.  We are able
to
> > access the files, but there are quirks here and there (i.e. symbolic
> > links are not supported on the cifs filesystem).  Most importantly,
we
> > can't set the sticky bit (i.e. chmod 4777 myBinary) on the
executables
> > that are on the cifs filesystem.
> >
> > We'd like to be able to allow users to run the binaries with root
> > privileges and the shared binaries have to be on the Windows shared
> > drive.
> >
>
> Since windows doesn't have a real way to persistently store file
modes,
> you're sort of out of luck here. You could mount the share with
> file_mode=04777, but that sounds like a really bad idea. You could
also
> experiment with cifsacl support, but I'm not sure whether it supports
> setuid bits.

No MS windows ACLs has no field or concept that can map to setuid bits.
And given the hugely different security model I think it would be
extremely dangerous to think of setuid binaries residing on a windows
share.

Simo.

--
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Senior Software Engineer at Red Hat Inc. <simo at redhat.com>


This e-mail and any files transmitted with it may be proprietary and are intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error please notify the sender.
Please note that any views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of ITT Corporation. The recipient should check this e-mail and any attachments for the presence of viruses. ITT accepts no liability for any damage caused by any virus transmitted by this e-mail.


More information about the linux-cifs-client mailing list