[linux-cifs-client] Re: CIFS Unix Extensions UIDs and client permission checking

Andrew Bartlett abartlet at samba.org
Sun Jul 18 02:46:35 GMT 2004

On Sun, 2004-07-18 at 09:25, Steven French wrote:
> > I think that by default, the permissions on the client should *appear*
> > to be those reported on the server, but that only the UID that mounted
> > the FS should have access, by default.
> This would be much stricter than smbfs - and would mean e.g. that only
> root and the mounting user could access even though it might have 0777
> permission. 

We could automatically set up an anonymous vuid on every session setup,
and map the other access to this vuid.

All other access is the equivalent of a suid - doing something as
somebody else.  We should have that locked out by default, as smbfs and
cifsfs did until unix extensions (at least that's my understanding of
the defaults).

I also think the administrator should be able to choose between server
ACL enforcement and a local 'defined permission' (effectively turn the
permission parts of unix extensions off).  

> I think that the standard permission check on the client (making it on
> by default to servers that support the unix extensions) is reasonable
> and does not expose the server. 

Given that many Samba servers are also enforcing ACLs, I think that
using the raw unix mode is a bad idea.  The client really should not be
enforcing additional restrictions on CIFS access control.  It simply
cannot do an accurate job of it.

> In highly trusted environments (like you see today in SANs and in
> server rooms) there is little harm in allowing the admin to turn the
> client side perm check off for a particular mount. 
> I do agree that eventually we will have to do a session setup for
> every new user accessing the connection if we can find a way to get
> the password (perhaps via a pam helper), which will lead to the same
> root squash issue as nfs presumably (on the server side).

I don't think root squash comes into it.  That implies that we somehow
trust the client again, and the reason that people use CIFS is because
people don't (otherwise they would use NFS :-)

If the client puts in the server's root password, then it has every
right to behave as root on the server.  Restricting this is a matter for
server access control, in the exact same way it is already done.

Andrew Bartlett