[linux-cifs-client] [PATCH 0/3] cifs: some random patches for 2.6.31

Jeff Layton jlayton at redhat.com
Tue May 26 16:42:05 GMT 2009


On Tue, 26 May 2009 10:08:27 -0500
Steve French <smfrench at gmail.com> wrote:

> 1) I wanted to look at more to make sure how it affected (if at all)
> the "homedir" case
> (ie we want to override the uid on the mount since the files are owned by the
> same user, but we do not need to override the mode)
> 

Those people may need to use forceuid/forcegid. I don't think there's a
way to reliably do this automatically. I think we're going to end up
forcing an option on somebody for this. I think we should make it so
that the people with non-matching uid/gid's have to use an option.
Otherwise we're making the default that we're trusting the mode but
overriding the uid/gid and that just seems wrong.

> 2) No problem with restricting the default mode.
> If we want to restrict it to more than the Samba default, 0744,
> which seems intuitive, I would like feedback from some users
> on this.  (Samba uses 0744, and that seems a sensible default to me,
> and probably is easier to be consistent).
> 

I'd rather we have a completely useless default and require admins to
consciously consider what they want to use than leave it open by
default, but 0744 (or 0755 even) would be an improvement. VFAT seems to
default to 0755, so maybe we should just go with that.

> 3) No problem will merge very soon
> 

Cool.

> On the mount.cifs patch, I like your change a lot, but haven't looked
> to see how hard it would be to add an extra option/keyword etc.
> to allow root to specify (e.g. in fstab) that a particular user can mount a
> particular directory (directories?) to any server.  Without that, or
> something like it, the (many) users I have talked to who don't
> necessarily know the server name they need to mount when
> the fstab is created/configured are out of luck and have to use
> other user space tools like smbclient (or know the root password)
> to mount something after boot time into e.g. their home directory.
> In the past our documentation told the administrator (root) to
> make mount.cifs setuid in order to let users mount
> something into a directory they own, and if you think that is
> too general (e.g. to put an equivalent keyword like "owner" in fstab)
> we have to at least be able to specify this for a particular
> directory/user combination narrowly in fstab. I think at least one other
> distro had a specific fstab for smbfs which was handled differently,
> but I think it makes more sense to do as you have done and
> use the standard fstab.
> 

I'm afraid I'm not following what you're proposing here. Can you
outline what such an fstab entry would look like and how this would
work? My main concern is making sure that setuid mount.cifs follows the
restrictions on user mounts that /bin/mount has. I don't think there's
a way to make that "switchable" via a mount option, but if you can lay
out an example, I'm willing to listen.

I can sort of understand the need you say that people are asking for.
My assertion is mainly that that functionality has no business being in
the mount helper for cifs. It ought to be a separate program with
clearly defined behavior.

Let me turn this question around. Why should /bin/mount bother
restricting user mounts to those entries in /etc/fstab if you can
easily circumvent those restrictions by calling the setuid mount helper
directly?

-- 
Jeff Layton <jlayton at redhat.com>
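
Added example, not part of the original message or of mount.cifs: a sketch in C of the check the reply says a setuid mount.cifs should share with /bin/mount, refusing an unprivileged mount unless fstab lists that exact device and directory with the `user` or `users` option. The function names, the sample fstab, and the simplifications (only those two options, no `owner`/`group`, caller supplies both device and directory) are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample fstab for the demo; not taken from the thread. */
static const char SAMPLE_FSTAB[] =
    "# device     dir        type  options          dump pass\n"
    "//srv1/pub   /mnt/pub   cifs  user,noauto      0 0\n"
    "//srv1/home  /mnt/home  cifs  nouser,noauto    0 0\n"
    "//srv2/data  /mnt/data  cifs  noauto,users,ro  0 0\n"
    "//srv3/adm   /mnt/adm   cifs  defaults         0 0\n";

/* Exact match on one comma-separated option ("user" is not "nouser"). */
static int has_opt(const char *opts, const char *want)
{
    size_t n = strlen(want);
    while (*opts) {
        size_t len = strcspn(opts, ",");
        if (len == n && strncmp(opts, want, n) == 0)
            return 1;
        opts += len + (opts[len] == ',');
    }
    return 0;
}

/* Hypothetical helper: 1 if caller_uid may mount dev on dir, else 0. */
int user_mount_allowed(const char *fstab, unsigned caller_uid,
                       const char *dev, const char *dir)
{
    char buf[1024], fdev[256], fdir[256], ftype[64], fopts[256];
    if (caller_uid == 0)
        return 1;               /* root is not limited to fstab entries */
    while (*fstab) {
        size_t len = strcspn(fstab, "\n");
        if (len < sizeof(buf) && fstab[0] != '#') {
            memcpy(buf, fstab, len);    /* parse one line at a time */
            buf[len] = '\0';
            if (sscanf(buf, "%255s %255s %63s %255s",
                       fdev, fdir, ftype, fopts) == 4 &&
                strcmp(fdev, dev) == 0 && strcmp(fdir, dir) == 0)
                return has_opt(fopts, "user") || has_opt(fopts, "users");
        }
        fstab += len + (fstab[len] == '\n');
    }
    return 0;                   /* no matching entry: refuse */
}

int main(void)
{
    return !user_mount_allowed(SAMPLE_FSTAB, 1000, "//srv1/pub", "/mnt/pub");
}
```

A setuid helper would run this check against the real uid (getuid()), since the effective uid is already 0 when the binary is setuid root.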

