Samba, CIFS and mkfifo
Anders Karlsson
anders.karlsson at redhat.com
Fri Jan 26 20:33:30 GMT 2007
On Fri, 2007-01-26 at 10:35 -0800, Jeremy Allison wrote:
> On Fri, Jan 26, 2007 at 09:48:38AM +0000, Anders Karlsson wrote:
> >
> > Okay, let me see if I understand this correctly. The 'connected user' in
> > this instance is the user specified in the 'mount.cifs' command with the
> > option 'user=xxxxx', or if left out, the user that issues the mount
> > request, not the user that subsequently attempts to create the FIFO in
> > the directory where the share is mounted - correct?
>
> Yes, this is correct. Steve's code by default does only one
> sessionsetupX call which gives only one vuid (virtual uid).
> All accesses to that share will be done as that user.
Thank you for clarifying this.
> > So mounting the share with 'setuids' will simply not have any effect at
> > all when requesting the creation of a FIFO (and potentially other
> > filetypes) as the Samba server will (in future) _only_ use the uid/gid
> > supplied when initiating the session?
>
> Not "in future" - currently and by design. Remember, we don't
> allow arbitrary uid changes on a CIFS connection - we only
> allow chown when a user is mapped to root on the server
> (very dangerous).
And the 'setuids' option coupled with setting the admin user of the
share to the user mounting the share from the client is equivalent to
mounting the share as root.
Bear with me;
mount.cifs //server/share /mnt -o setuids,user=normaluser
if normaluser is set to admin user for the share, is equivalent to
mount.cifs //server/share /mnt -o user=root
correct understanding, or no?
Thanks!
/Anders
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3679 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20070126/edce0ba6/smime.bin
More information about the samba-technical
mailing list