[linux-cifs-client] [PATCH 00/11] cifs: implement multisession mounts (try #2)
Stef Bon
stefbon at gmail.com
Thu Apr 22 13:55:06 MDT 2010
2010/4/22 Jeff Layton <jlayton at redhat.com>:
> On Thu, 22 Apr 2010 16:56:55 +0200
> Stef Bon <stefbon at gmail.com> wrote:
>
>> 2010/4/21 Jeff Layton <jlayton at redhat.com>:
>> > On Wed, 21 Apr 2010 16:16:26 +0200
>> > Stef Bon <stefbon at gmail.com> wrote:
>> >
>> >> I'm sorry but what is a multisession mount?
>> >>
>> >> Stef
>> for securiity reasons. Another user is not allowed to access my mounts
>> (not only to smb shares but every mount)
>>
>
> I'm sure your solution solves some problems, but it's I don't think it
> precludes this work. We have users of CIFS who do something similar
> today (albeit much more manually).
>
> There are certainly cases where someone has a shared directory that
> they need multiple users to access. Having to have a separate
> mountpoint for each of those users seems rather cumbersome, IMO.
>
> In either case, this is simply a different way to solve that issue.
> This solution will not preclude you from using CIFS in the way you wish
> (with a single set of credentials per mount).
Yes I understand. This is another way to provide data on the remote server,
but its just so not my idea of mounting.
But now when I read and think futher about this, I see that's a
providing new functionality
I can understand.
>
>> But apart from that, I think all the data (files,permissions,..)
>> depend on the credentials provided. The server "decides"
>> what the client can see. Now you want to make the mounpoint present
>> all the different "views" in one?
>>
>
> CIFS does not cache readdir info, so the server will still decide what
> each user can "see" based on the credentials that call the FIND_FILE
> ops. In the event of a syscall against a dentry that's visible to one
> user but not another, a call will still go out over the wire before
> that syscall is satisfied. Therefore I don't think this patchset will
> allow information "leakage" to users that shouldn't have it
So in this situation the amount of mountpoints is never more than the
number of smb shares available in the network, and does not depend
on the number of users, which in my construction is.
>
>> I do not know this is possible. The client should maintain different
>> views (or sessions as you call it) and present the view to the user.
>> But what if a user which is not linked to any credentials on the
>> client accesses the mountpiont?
>>
>
> There are a couple of possibilties. In the current patchset, they'll
> get back an error when they try to access the mount -- -ENOKEY
> currently in most cases, but I will likely need to translate that to
> something that more syscalls will expect, such as -EACCES.
>
> As a future feature, it might be helpful to establish an anonymous
> session to the server and map users without credentials to that.
That's a sound idea.
Stef
>
> --
> Jeff Layton <jlayton at redhat.com>
>
More information about the linux-cifs-client
mailing list