[Samba] domain-free multi-user use cases

Eric Levy contact at ericlevy.name
Thu Oct 28 07:41:32 UTC 2021


On Wed, 2021-10-27 at 10:39 -0500, Patrick Goetz via samba wrote:
> With all due respect, I think you're confused about how these things 
> must work, based on practical considerations. I urge you to go back
> and 
> re-read my first post in this thread carefully.  The issue is
> explained 
> there.
> 
> To reiterate an example I provided there (bitcoin), you either have
> a 
> central authority which is the final arbiter of deciding if someone 
> requesting a resource is actually the user they say they are, or you 
> don't.  If you don't have a central authority, then there must be
> some 
> other mechanism for determining this and those quickly become onerous
> or 
> complicated.  If you don't care about security, then problem solved: 
> just set file permissions to 777 and share the filesystem to anyone
> who 
> asks for it. This would generally not be acceptable in a business 
> context, but I know some smaller organizations who essentially have 
> their filesystem share configured this way: everyone is a fully
> trusted 
> user.

Would you please be specific about what leads you to think I am
confused? What have I written that is inaccurate?

A basic case of the proposed feature would be that the privileged user
of a client system (e.g. root) creates a remote mount using privileged
credentials on a remote system. This operation is currently supported,
but ownership information is not represented on the client mount. The
difference, representing the proposed support for multiuser, is that
the client would expose the true file owners in its local view. Doing
so requires a user mapping, which might be as simple as string matching
of names.





More information about the samba mailing list