Some linux-cifs-client ideas
David Collier-Brown
davec-b at rogers.com
Mon Aug 23 15:49:59 GMT 2004
Stefan (metze) Metzmacher wrote:
> Hi Steve,
>
> Someone told me that you want to support that each user can use its
> own credentials when mounting
> a share on a cifs server...is that correct?
>
> I have a few ideas how to realise this:
>
> 1. What we want
>
> - Every unix user should be able to mount and umount cifs shares when
> he wants it,
>   so not only at login time. (using its own credentials: user/dom/pass
> or krb5...)
Yes, preferably using either the system default means ("user" or
"users" on a mount line), or a mechanism other than the standard
mount, as you describe below.
>
> - (Maybe) browse through the network neighborhood like browsing
> through a unix directory
>
> 2. Approach
>
> - having a virtual cifs filesystem (like sysfs) mounted on /cifs
>   every unix user should have its own view of this filesystem.
>   (this file system will be mounted at boot time).
Yes, very much so! I use smbfs, and find the virtual /smb
directory very useful and, more importantly, easy to explain
to others.
>
> - this filesystem has a /cifs/.ioctl file which is the io port for a
> tool 'cifsmount'
>   this will ask the virtual filesystem to mount or unmount cifs shares.
>
> - these shares will appear in /cifs/* (or maybe /cifs/mnt/)
or perhaps /cifs/domain/server/share or /cifs/server/share?
>   (maybe also there will be a /cifs/network/ directory with
>   subdirectories for each known domain and subdirs for servers ...
>   just like the windows network neighborhood)
I'd try to make it as simple and elegant as possible,
so that you can mount on read of a given share in
a network neighborhood-like hierarchy.
>
> - there will be a /etc/cifsmount.conf and a per user ~/.cifsmount/config
>   for configuration stuff like auth protocol (e.g. disallow lanman...)
>   and other stuff
>
> - and for making it easier for the users there could be a symlink ~/cifs
> to /cifs
>   in the home directory
>
> 3. Problems
>
> - that would also solve the problem of what default uid/gid the files
> should have,
>   just use the ones from the user...
If I mount /cifs/homes/davecb, as either root or a user, it
should be mounted with the owner being the unix (windows)
owner of the remote filesystem, and the group the unix group
of the remote filesystem. This allows the built-in access
checks in Unix to work, and allows me to cd to, for example,
/cifs/homes/joycecb and read files if and only if joyce made
them readable to me.
>
> - as I'm not a kernel specialist, I'm not sure if there will be problems
>   maybe with setuid() and friends.
I'd suggest mimicking the mount options of nfs: The important
ones are nosuid, and for performance, noatime and noquota.
Other interesting ones are ro, bg, intr, remount, rsize=n
and wsize=n.
Likely setuid won't be a problem, but it makes sense to have a
way of setting the bit that makes mount ignore suid files.
>
> Comments please?
> --
> metze
>
> Stefan Metzmacher <metze at samba.org> www.samba.org
>
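
Added example (not part of the original thread or of any cifs tooling): a check for the point raised above about nosuid on network mounts. It reads text in /proc/mounts format and reports cifs/smbfs/nfs mounts that lack nosuid; also requiring nodev, the name audit_mounts and the sample lines are assumptions made for this example.

```python
import re

NETWORK_FS = {"cifs", "smbfs", "smb3", "nfs", "nfs4"}
# Assumption: local policy. The thread names nosuid; nodev is added here.
REQUIRED = ("nosuid", "nodev")

def _unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as octal (\040 ...)
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def audit_mounts(mounts_text):
    """Return [(mountpoint, fstype, [missing options])] for network mounts."""
    findings = []
    for line in mounts_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed entry, nothing to judge
        _, mountpoint, fstype, opts = fields[:4]
        if fstype not in NETWORK_FS:
            continue
        # Options may carry values (rsize=16384); compare option names only.
        names = {o.split("=", 1)[0] for o in opts.split(",")}
        missing = [o for o in REQUIRED if o not in names]
        if missing:
            findings.append((_unescape(mountpoint), fstype, missing))
    return findings

# Constructed sample in /proc/mounts format (not taken from the thread).
SAMPLE = """\
/dev/sda1 / ext3 rw,noatime 0 0
//server/homes /cifs/homes cifs rw,nosuid,nodev,noatime,rsize=16384,wsize=16384 0 0
//server/pub /cifs/pub\\040share cifs rw,noatime 0 0
filer:/export /mnt/nfs nfs rw,nosuid,bg,intr 0 0
"""

if __name__ == "__main__":
    for mp, fs, missing in audit_mounts(SAMPLE):
        print(f"{mp} ({fs}): missing {','.join(missing)}")
```

On a live system the same function can be fed the contents of /proc/mounts instead of SAMPLE.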