Some linux-cifs-client ideas

David Collier-Brown davec-b at rogers.com
Mon Aug 23 15:49:59 GMT 2004


Stefan (metze) Metzmacher wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi Steve,
> 
> Someone told me that you want to support that each user can use its 
> own credentials when mounting
> a share on a cifs server...is that correct?
> 
> I have a few ideas how to realise this:
> 
> 1. What we want
> 
> - - Every unix user should be able to mount and umount cifs shares when 
> he wants it,
> ~  so not only at login time. (using its own credentials: user/dom/pass 
> or krb5...)

	Yes, preferably using either the system default means ("user" or
	"users" on a mount line), or a mechanism other than the standard
	mount, as you describe below.
> 
> - - (Maybe) browse through the network neighborhood like browsing 
> through a unix directory
> 
> 2. Approach
> 
> - - having a virtual cifs filesystem (like sysfs) mounted on /cifs
> ~  every unix user should have its own view of this filesystem.
> ~  (this file system will be mounted at boot time).

	Yes, very much so!  I use smbfs, and find the virtual /smb
	directory very useful and, more importantly, easy to explain
	to others.
> 
> - - this filesystem has a /cifs/.ioctl file which is the io port for a 
> tool 'cifsmount'
> ~  this will ask the virtual filesystem to mount or unmount cifs shares.
> 
> - - these shares will appear in /cifs/* ( or maybe /cifs/mnt/)

	or perhaps /cifs/domain/server/share or /cifs/server/share?

> ~  (maybe also there will be a /cifs/network/ directory with
> ~   subdirectories for each known domain and subdirs for servers ...
> ~   just like the windows network neighborhood)

	I'd try to make it as simple and elegant as possible,
	so that you can mount on read of a given share in
	a network neighborhood-like hierarchy.
> 
> - - there will be a /etc/cifsmount.conf and a per user ~/.cifsmount/config
> ~  for configuration stuff like auth protocol( e.g. disallow lanman...)
> ~  and other stuff
> 
> - - and for making it easier for the users there could be symlink ~/cifs 
> to /cifs
> ~  in the home directory
> 
> 3. Problems
> 
> - - that would also solve the problem, of what default uid/gid the files 
> should have,
> ~  just use the ones from the user...

	If I mount /cifs/homes/davecb, as either root or a user, it
	should be mounted with the owner being the unix (windows)
	owner of the remote filesystem, and the group the unix group
	of the remote filesystem. This allows the built-in access
	checks in Unix to work, and allows me to cd to, for example,
	/cifs/homes/joycecb and read files if and only if joyce made
	them readable to me.
> 
> - - as I'm not a kernel specialist, I'm not sure if there will be problems
> ~  maybe with setuid() and friends.

	I'd suggest mimicking the mount options of nfs: The important
	ones are nosuid, and for performance, noatime and noquota.
	Other interesting ones are ro, bg, intr, remount, rsize=n
	and wsize=n.

	Likely setuid won't be a problem, but having a way of setting
	the bit that makes mount ignore suid files is desirable.
> 
> Comments please?
> - --
> metze
> 
> Stefan Metzmacher <metze at samba.org> www.samba.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3-nr1 (Windows XP)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
> 
> iD8DBQFBKdcLm70gjA5TCD8RAosUAJ9+ISGJeF7MlfWodR0qJnDhnyDmcwCglL8h
> e3NPd+r4GEdfgZ8Iv9KZYNw=
> =9iZS
> -----END PGP SIGNATURE-----
> 
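The reply above recommends nosuid as the important mount option to carry over from nfs. The following is an added example, not part of the original message or of any cifs tool: a shell check that reads a mount table in /proc/mounts format and lists network-filesystem mounts that lack nosuid. The filesystem-type list, the function names and the sample table are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag network-filesystem mounts that still honour setuid bits.
# Input format is that of /proc/mounts:
#   device mountpoint fstype options dump pass

# Constructed sample mount table (not taken from a real host).
SAMPLE_MOUNTS='//fs1/homes /cifs/homes cifs rw,nosuid,nodev,noatime 0 0
//fs1/public /cifs/public cifs rw,noatime 0 0
nfs1:/export /mnt/export nfs ro,nosuid,intr,rsize=8192,wsize=8192 0 0
//fs2/tools /smb/tools smbfs rw 0 0
/dev/sda1 / ext4 rw 0 0'

# Print "mountpoint fstype" for every network mount without nosuid.
# Reads mount-table lines on stdin. The fstype list is an assumption;
# extend it to match the filesystems in use.
find_suid_network_mounts() {
    awk '
        $3 ~ /^(cifs|smbfs|smb3|nfs|nfs4)$/ {
            # Compare whole options so "nosuid" must appear as its own entry.
            n = split($4, opts, ",")
            has_nosuid = 0
            for (i = 1; i <= n; i++)
                if (opts[i] == "nosuid") has_nosuid = 1
            if (!has_nosuid) print $2, $3
        }
    '
}

# Return 0 when every network mount carries nosuid, 1 otherwise
# (offending mounts are printed on stdout).
check_network_mounts() {
    offenders=$(find_suid_network_mounts)
    if [ -n "$offenders" ]; then
        printf '%s\n' "$offenders"
        return 1
    fi
    return 0
}

# Stand-alone run against the constructed sample. On a live host:
#   check_network_mounts < /proc/mounts
printf '%s\n' "$SAMPLE_MOUNTS" | find_suid_network_mounts
```

Local filesystems such as the ext4 root in the sample are skipped on purpose, since the check targets only mounts whose file modes are supplied by a remote server.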




More information about the samba-technical mailing list