[linux-cifs-client] Re: CIFS Unix Extensions UIDs and
client permission checking
Steven French
sfrench at us.ibm.com
Sat Jul 17 23:25:37 GMT 2004
> I think that by default, the permissions on the client should *appear*
> to be those reported on the server, but that only the UID that mounted
> the FS should have access, by default.
This would be much stricter than smbfs - and would mean e.g. that only root
and the mounting user could access even though it might have 0777
permission. I think that the standard permission check on the client
(making it on by default to servers that support the unix extensions) is
reasonable and does not expose the server. In highly trusted environments
(like you see today in SANs and in server rooms) there is little harm in
allowing the admin to turn the client side perm check off for a particular
mount.
I do agree that eventually we will have to do a session setup for every new
user accessing the connection if we can find a way to get the password
(perhaps via a pam helper), which will lead to the same root squash issue
as nfs presumably (on the server side).
Steve French
Senior Software Engineer
Linux Technology Center - IBM Austin
phone: 512-838-2294
email: sfrench at-sign us dot ibm dot com
More information about the samba-technical
mailing list