[Samba] how to mount shares as a user without mount.cifs setuid
Nico Kadel-Garcia
nkadel at gmail.com
Thu Apr 8 05:50:06 MDT 2010
On Thu, Apr 8, 2010 at 12:45 AM, Chris Smith <smb_77 at chrissmith.org> wrote:
> On Wed, Apr 7, 2010 at 9:39 PM, Jeff Layton <jlayton at samba.org> wrote:
>> Yes, we added a patch a while back to make it such that mount.cifs
>> would not allow itself to run as a setuid root program unless it that
>> check was compiled out.
>>
>> This was done due to a rather constant stream of "security issues" that
>> were brought about when people installed mount.cifs setuid root. Since
>> it had never been vetted for security, we really had no other choice to
>> communicate that installing it setuid root was unsafe.
>
> Not the place for it so the inquiry is only rhetorical.
> How can you equate adding a patch preventing a sysadmin from using an
> app as designed to communicating? Communication is one thing,
> handcuffs are another.
It doesn't stop a sysadmin. Sysadmins have root privileges and do not
need setuid for this. Sysadmins can also manipulate automount or
/etc/fstab to allow far more controlled mounting.
This isn't "handcuffs". It's a seatbelt.
More information about the samba
mailing list