[Samba] domain-free multi-user use cases
Eric Levy
contact at ericlevy.name
Sat Oct 23 08:00:30 UTC 2021
On Sat, 2021-10-23 at 03:47 -0400, Jonathon Reinhart wrote:
> On Sat, Oct 23, 2021 at 1:29 AM Eric Levy via samba
> <samba at lists.samba.org> wrote:
> > On Fri, 2021-10-22 at 22:07 -0700, Jeremy Allison via samba wrote:
> > > On Sat, Oct 23, 2021 at 12:03:18AM -0400, Eric Levy via samba wrote:
> > > > In my earlier conversation in this group, I described my needs as
> > > > follows:
> > > >
> > > > What I want is multiple users on the client accessing the same
> > > > mount but with different permissions enforced for each. I want the
> > > > permissions to reflect the permissions for the corresponding users
> > > > on the NAS.
> > > >
> > > > It seems by now it has been made clear that it is impossible to
> > > > achieve this result without some kind of domain server...
> > >
> > > Isn't that the bog-standard standalone file server case,
> > > with user names on the client mapped into the same user
> > > names on the server ?
> > >
> > > The clients can easily do multi-user mounts, both Windows
> > > and Linux.
> > >
> > > I guess I don't understand exactly what you are asking
> > > for here.
> > >
> > > In your scenario, where are the "users" defined ? How
> > > does a client have multiple users logged in ? Are
> > > these local users defined on the client ?
> >
> > When I inquired earlier to this group, it was explained that multiuser
> > mounts depend on a domain server, and this explanation is also given in
> > the documentation. I think the standard standalone case is that all
> > files in the mount share the same owner viewed by the client, perhaps
> > with some added support for special users such as "nobody". A mount
> > that shows different files owned by various regular users is not
> > supported. The reason is as you say, some mechanism is required to
> > support a user mapping, which currently is handled only by a domain
> > server.
>
> You can definitely have multiple users on a "standalone" Linux client
> each mounting a file share on a "standalone" Samba file server. And
> the Samba server will enforce the user's permissions on the server
> side. As Jeremy said, this is the boring case which has been supported
> forever.
>
> I'm no Samba expert, but if I wade through everything you're saying, I
> think the key issue you have with that is that all of the files
> *appear* (on the client side) to be owned by the user who mounted the
> share. While that's a fairly superfluous limitation (as it has no
> impact on what files the user can actually see/access), it is a
> limitation that doesn't exist when you have a domain that can perform
> ID mapping.
>
> So perhaps what you're really after isn't a major "class 3" overhaul
> of samba, but perhaps the not-yet-fully-supported(?) SMBv3 UNIX
> extensions:
> https://wiki.samba.org/index.php/UNIX_Extensions
>
> Specifically the POSIX file ownership:
> https://wiki.samba.org/index.php/SMB3-Linux#POSIX_file_ownership
>
> The status of SMBv3 UNIX extension support in smbd and the Linux
> kernel client is not clear to me; perhaps someone more knowledgeable
> can fill-in here.
>
> Jonathon

I think you are describing a case of each user maintaining a separate
single-user mount.

I am describing a multiuser mount, which I understand to be a mount,
often created through the administrative user account, in which various
files within the same mounted view are shown as owned by different
users, reflecting the ownership of the files on the server.