Hi, I have an fstab entry like "//192.168.0.101/Disk\0401 /mnt/Y cifs user,uid=100,gid=1000 0 0" but I'm not able to umount this share as a user, why not? Shouldn't this be possible since i have the attribute "user" in there? Thank you! Ron -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Oct 2 2007 11:30, Ron Eggler wrote:
Hi, I have an fstab entry like "//192.168.0.101/Disk\0401 /mnt/Y cifs user,uid=100,gid=1000 0 0" but I'm not able to umount this share as a user, why not? Shouldn't this be possible since i have the attribute "user" in there?
Well... mount(8) would allow you, but since cifs provides its own helper module, mount.cifs(8), permission checking is delegated to mount.cifs. (So yes, you should probably file a bug, against cifs.)
Ron Eggler wrote:
Hi, I have an fstab entry like "//192.168.0.101/Disk\0401 /mnt/Y cifs user,uid=100,gid=1000 0 0" but I'm not able to umount this share as a user, why not? Shouldn't this be possible since i have the attribute "user" in there?
Thank you! Ron
I would suggest looking at...
http://pserver.samba.org/samba/ftp/cifs-cvs/linux-cifs-client-guide.pdf
I think the issue is also discussed in man mount.cifs
I have not needed to solve this problem so I have no idea how well it works...
--
==============================================================================
I have always wished that my computer would be as easy to use as my telephone. My wish has come true. I no longer know how to use my telephone.
Bjarne Stroustrup
==============================================================================
On Wednesday 03 October 2007 12:18:43 am G T Smith wrote:
Ron Eggler wrote:
Hi, I have an fstab entry like "//192.168.0.101/Disk\0401 /mnt/Y cifs user,uid=100,gid=1000 0 0" but I'm not able to umount this share as a user, why not? Shouldn't this be possible since i have the attribute "user" in there?
Thank you! Ron
I would suggest looking at...
http://pserver.samba.org/samba/ftp/cifs-cvs/linux-cifs-client-guide.pdf
Alright i read page 6 and then did following:

    reg@desktop-reg:~/Desktop/downloads> sudo chmod +s /sbin/mount.cifs # setuid root
    root's password:
    reg@desktop-reg:~/Desktop/downloads> mount # see my mounts
    /dev/sda6 on / type reiserfs (rw,acl,user_xattr)
    proc on /proc type proc (rw)
    sysfs on /sys type sysfs (rw)
    debugfs on /sys/kernel/debug type debugfs (rw)
    udev on /dev type tmpfs (rw)
    devpts on /dev/pts type devpts (rw,mode=0620,gid=5)
    /dev/sda7 on /home type reiserfs (rw,acl,user_xattr)
    /dev/sda2 on /windows/C type ntfs (ro,noexec,nosuid,nodev,gid=100,umask=0002,nls=utf8)
    /dev/sda3 on /windows/D type ntfs (ro,noexec,nosuid,nodev,gid=100,umask=0002,nls=utf8)
    securityfs on /sys/kernel/security type securityfs (rw)
    none on /proc/fs/vmblock/mountPoint type vmblock (rw)
    //192.168.0.2/media on /mnt/media type cifs (rw,mand,noexec,nosuid,nodev)
    //192.168.0.2/data on /mnt/data type cifs (rw,mand,noexec,nosuid,nodev)
    reg@desktop-reg:~/Desktop/downloads> umount /mnt/data #trying the umount one of the smb shares
    umount: only root can unmount //192.168.0.2/data from /mnt/data #this is what i get :(

and i have no idea why it wouldn't work, well it says it should work like this, i don't know... the share got mounted with:

    //192.168.0.2/data /mnt/data cifs user,uid=100,gid=1000 0 0

from /etc/fstab. There's the user option and in that pdf it says that it would work with this option. Can anyone provide any further help please? Thanks!
--
chEErs Ron
On Wed, 2007-10-03 at 19:45 -0700, Ron Eggler wrote:
On Wednesday 03 October 2007 12:18:43 am G T Smith wrote:
Ron Eggler wrote:
Hi, I have an fstab entry like "//192.168.0.101/Disk\0401 /mnt/Y cifs user,uid=100,gid=1000 0 0" but I'm not able to umount this share as a user, why not? Shouldn't this be possible since i have the attribute "user" in there?
Be sure to note the difference between the 'user' and the 'users' options. The man page only mentions users unmounting if the 'users' option is supplied. The 'user' option seems to be limited to mounting.
--
Roger Oberholtzer OPQ Systems / Ramböll RST Ramböll Sverige AB Kapellgränd 7 P.O. Box 4205 SE-102 65 Stockholm, Sweden Tel: Int +46 8-615 60 20 Mobl: Int +46 70-815 1696
On Thursday 04 October 2007 08:47:19 Roger Oberholtzer wrote:
On Wed, 2007-10-03 at 19:45 -0700, Ron Eggler wrote:
On Wednesday 03 October 2007 12:18:43 am G T Smith wrote:
Ron Eggler wrote:
Hi, I have an fstab entry like "//192.168.0.101/Disk\0401 /mnt/Y cifs user,uid=100,gid=1000 0 0" but I'm not able to umount this share as a user, why not? Shouldn't this be possible since i have the attribute "user" in there?
Be sure to note the difference between the 'user' and the 'users' options. The man page only mentions users unmounting if the 'users' option is supplied. The 'user' option seems to be limited to mounting.
Nix. The difference is that if "user" is given, any non-root user can mount it and only the same user can unmount it. With "users", any user can mount it, and *any* user can unmount it
Anders
On Thursday 04 October 2007 11:17:47 am Anders Johansson wrote:
On Thursday 04 October 2007 08:47:19 Roger Oberholtzer wrote:
On Wed, 2007-10-03 at 19:45 -0700, Ron Eggler wrote:
On Wednesday 03 October 2007 12:18:43 am G T Smith wrote:
Ron Eggler wrote:
Hi, I have an fstab entry like "//192.168.0.101/Disk\0401 /mnt/Y cifs user,uid=100,gid=1000 0 0" but I'm not able to umount this share as a user, why not? Shouldn't this be possible since i have the attribute "user" in there?
Be sure to note the difference between the 'user' and the 'users' options. The man page only mentions users unmounting if the 'users' option is supplied. The 'user' option seems to be limited to mounting.
Nix. The difference is that if "user" is given, any non-root user can mount it and only the same user can unmount it. With "users", any user can mount it, and *any* user can unmount it
Okay, I changed "user" to "users" in my fstab, umounted my share, mounted it back with 'mount -a' and then i did following:

    reg@desktop-reg:~> umount /mnt/data
    Trying to unmount when /sbin/umount.cifs not installed suid
    Trying to unmount when /sbin/umount.cifs not installed suid
    reg@desktop-reg:~> sudo chmod +s /sbin/umount.cifs
    reg@desktop-reg:~> umount /mnt/data
    Not permitted to unmount
    Not permitted to unmount

What does this now mean? Weird eh? Thanks!
--
chEErs Ron
Ron Eggler wrote:
On Thursday 04 October 2007 11:17:47 am Anders Johansson wrote:
On Thursday 04 October 2007 08:47:19 Roger Oberholtzer wrote:
On Wednesday 03 October 2007 12:18:43 am G T Smith wrote:
Ron Eggler wrote:
On Wed, 2007-10-03 at 19:45 -0700, Ron Eggler wrote:
Hi, I have an fstab entry like "//192.168.0.101/Disk\0401 /mnt/Y cifs user,uid=100,gid=1000 0 0" but I'm not able to umount this share as a user, why not? Shouldn't this be possible since i have the attribute "user" in there?
Be sure to note the difference between the 'user' and the 'users' options. The man page only mentions users unmounting if the 'users' option is supplied. The 'user' option seems to be limited to mounting.
Nix. The difference is that if "user" is given, any non-root user can mount it and only the same user can unmount it. With "users", any user can mount it, and *any* user can unmount it
Okay, I changed "user" to "users" in my fstab, umounted my share, mounted it back with 'mount -a' and then i did following: reg@desktop-reg:~> umount /mnt/data Trying to unmount when /sbin/umount.cifs not installed suid Trying to unmount when /sbin/umount.cifs not installed suid
I would guess that this means that you need to set the same suid on umount.cifs as you have on mount.cifs.
reg@desktop-reg:~> sudo chmod +s /sbin/umount.cifs reg@desktop-reg:~> umount /mnt/data Not permitted to unmount Not permitted to unmount
What does this now mean? Weird eh?
Thanks!
On Friday 05 October 2007 01:51:10 am G T Smith wrote: [snip]
Be sure to note the difference between the 'user' and the 'users' options. The man page only mentions users unmounting if the 'users' option is supplied. The 'user' option seems to be limited to mounting.
Nix. The difference is that if "user" is given, any non-root user can mount it and only the same user can unmount it. With "users", any user can mount it, and *any* user can unmount it
Okay, I changed "user" to "users" in my fstab, umounted my share, mounted it back with 'mount -a' and then i did following: reg@desktop-reg:~> umount /mnt/data Trying to unmount when /sbin/umount.cifs not installed suid Trying to unmount when /sbin/umount.cifs not installed suid
I would guess that this means that you need to set the same suid on umount.cifs as you have on mount.cifs.
But I have set both with "sudo chmod +s /sbin/umount.cifs". I don't know what else i can do, i'm getting desperate :( Thanks for your help!
--
chEErs Ron
Ron Eggler wrote:
On Friday 05 October 2007 01:51:10 am G T Smith wrote: [snip]
Be sure to note the difference between the 'user' and the 'users' options. The man page only mentions users unmounting if the 'users' option is supplied. The 'user' option seems to be limited to mounting. Nix. The difference is that if "user" is given, any non-root user can mount it and only the same user can unmount it. With "users", any user can mount it, and *any* user can unmount it Okay, I changed "user" to "users" in my fstab, umounted my share, mounted it back with 'mount -a' and then i did following: reg@desktop-reg:~> umount /mnt/data Trying to unmount when /sbin/umount.cifs not installed suid Trying to unmount when /sbin/umount.cifs not installed suid I would guess that this means that you need to set the same suid on umount.cifs as you have on mount.cifs.
But I have set both with "sudo chmod +s /sbin/umount.cifs". I don't know what else i can do, i'm getting desperate :( Thanks for your help!
a) Have you checked the suid has actually been set...
b) the info entry on chmod documents the possibility of using u+s rather than +s... (setting suids is something I do rarely)
On Saturday 06 October 2007 01:25:29 am G T Smith wrote:
Ron Eggler wrote:
On Friday 05 October 2007 01:51:10 am G T Smith wrote: [snip]
Be sure to note the difference between the 'user' and the 'users' options. The man page only mentions users unmounting if the 'users' option is supplied. The 'user' option seems to be limited to mounting.
Nix. The difference is that if "user" is given, any non-root user can mount it and only the same user can unmount it. With "users", any user can mount it, and *any* user can unmount it
Okay, I changed "user" to "users" in my fstab, umounted my share, mounted it back with 'mount -a' and then i did following: reg@desktop-reg:~> umount /mnt/data Trying to unmount when /sbin/umount.cifs not installed suid Trying to unmount when /sbin/umount.cifs not installed suid
I would guess that this means that you need to set the same suid on umount.cifs as you have on mount.cifs.
But I have set both with "sudo chmod +s /sbin/umount.cifs". I don't know what else i can do, i'm getting desperate :( Thanks for your help!
a) Have you checked the suid has actually been set... b) the info entry on chmod documents the possibility of using u+s rather than +s... (setting suids is something I do rarely)
They are the same, aren't they?

    reg@desktop-reg:~> ls -n /sbin/umount.cifs
    -rwsr-sr-x 1 0 0 14416 2007-06-29 04:51 /sbin/umount.cifs
    reg@desktop-reg:~> ls -n /sbin/mount.cifs
    -rwsr-sr-x 1 0 0 22928 2007-06-29 04:51 /sbin/mount.cifs

Thanks for any further help! What I'm trying to do by the way is: Get my cifs mounts umounted before my server gets shut down and i shut down my server with a "shutdown" command in my ~/.kde/shutdown directory. I've tried shutting it down with a "S" init script in /etc/init.d/rc5.d or /etc/init.d/rc0.d but this didn't work fine so i decided to do it the KDE way. Now before executing the shutdown command for my server i want to umount the shares (and since I'm a user at this time, i need to be able to umount em as user). Thanks for help or suggestions.
--
chEErs Ron
On Saturday 06 October 2007 09:39, Ron Eggler wrote:
...
a) Have you checked the suid has actually been set... b) the info entry on chmod documents the possibility of using u+s rather than +s... (setting suids is something I do rarely)
They are the same, aren't they?
If you're referring to "chmod u+s" vs. "chmod +s" the difference is that the former enables only the set-user-ID, while the latter enables both the set-user-ID and the set-group-ID modes.
...
Thanks for help or suggestions. -- chEErs Ron
Randall Schulz
On Saturday 06 October 2007 10:12:57 am Randall R Schulz wrote:
On Saturday 06 October 2007 09:39, Ron Eggler wrote:
...
a) Have you checked the suid has actually been set... b) the info entry on chmod documents the possibility of using u+s rather than +s... (setting suids is something I do rarely)
They are the same, aren't they?
If you're referring to "chmod u+s" vs. "chmod +s" the difference is that the former enables only the set-user-ID, while the latter enables both the set-user-ID and the set-group-ID modes.
Okay I did a chmod u+s for /sbin/mount.cifs and /sbin/umount.cifs. Umounted /mnt/data as root and mounted it back on with mount -a and then tried to umount as user but still would tell me "not permitted to unmount"... :( Thanks for any other ideas....
--
chEErs Ron
On Saturday 06 October 2007 12:45, Ron Eggler wrote:
On Saturday 06 October 2007 10:12:57 am Randall R Schulz wrote:
On Saturday 06 October 2007 09:39, Ron Eggler wrote:
...
a) Have you checked the suid has actually been set... b) the info entry on chmod documents the possibility of using u+s rather than +s... (setting suids is something I do rarely)
They are the same, aren't they?
If you're referring to "chmod u+s" vs. "chmod +s" the difference is that the former enables only the set-user-ID, while the latter enables both the set-user-ID and the set-group-ID modes.
Okay I did a chmod u+s for /sbin/mount.cifs and /sbin/umount.cifs. Umounted /mnt/data as root and mounted it back on with mount -a and then tried to umount as user but still would tell me "not permitted to unmount"... :( Thanks for any other ideas....
I wasn't really paying attention to your issue, only the question "They are the same, aren't they?" I don't know too much about MS file sharing and its Linux implementations, so I won't try to help you out, since it seems what little I do know has already been covered.
Randall Schulz
On Saturday 06 October 2007 12:57:31 pm Randall R Schulz wrote:
On Saturday 06 October 2007 12:45, Ron Eggler wrote:
On Saturday 06 October 2007 10:12:57 am Randall R Schulz wrote:
On Saturday 06 October 2007 09:39, Ron Eggler wrote:
...
a) Have you checked the suid has actually been set... b) the info entry on chmod documents the possibility of using u+s rather than +s... (setting suids is something I do rarely)
They are the same, aren't they?
If you're referring to "chmod u+s" vs. "chmod +s" the difference is that the former enables only the set-user-ID, while the latter enables both the set-user-ID and the set-group-ID modes.
Okay I did a chmod u+s for /sbin/mount.cifs and /sbin/umount.cifs. Umounted /mnt/data as root and mounted it back on with mount -a and then tried to umount as user but still would tell me "not permitted to unmount"... :( Thanks for any other ideas....
I wasn't really paying attention to your issue, only the question "They are the same, aren't they?"
I don't know too much about MS file sharing and its Linux implementations, so I won't try to help you out, since it seems what little I do know has already been covered.
I've actually been working with Samba and Windows implementation for a while now but i've never come across this issue till now and i don't know... but somehow i feel like getting stuck but if someone had asked me earlier i would have answered "Of course you can - it's just a matter of setting the umount binary suid root" - but here we go... it doesn't seem to be this simple and i don't know what the problem really is... :o Thanks to everyone who gives a suggestion towards fixing my issue!
--
chEErs Ron
On Saturday 06 October 2007 21:45:24 Ron Eggler wrote:
Okay I did a chmod u+s for /sbin/mount.cifs and /sbin/umount.cifs. Umounted /mnt/data as root and mounted it back on with mount -a and then tried to umount as user but still would tell me "not permitted to unmount"... :( Thanks for any other ideas....
OK, I just checked the source code, and it seems cifs doesn't respect fstab here. It only checks for root, or if you are the same user who mounted it. Regardless of what fstab says, root and the mounting user are allowed to umount, no one else
Anders
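Added example (not part of the original thread, and not the cifs or mount source code): a small Python model of the two unmount rules discussed above, the mount(8) 'user'/'users' rule as Anders describes it and the root-or-mounting-user check he reports for cifs. The sample fstab is constructed from the lines quoted in the thread; the /dev/sdb1 entry, uid 1000 and all function names are assumptions made for illustration.

```python
import re

# Constructed sample, modelled on the fstab lines quoted in the thread;
# the /dev/sdb1 line is made up for contrast with a non-cifs file system.
SAMPLE_FSTAB = r"""
//192.168.0.101/Disk\0401  /mnt/Y     cifs      user,uid=100,gid=1000   0 0
//192.168.0.2/data         /mnt/data  cifs      users,uid=100,gid=1000  0 0
/dev/sda7                  /home      reiserfs  acl,user_xattr          1 2
/dev/sdb1                  /mnt/usb   vfat      users,noauto            0 0
"""


def unescape(field):
    """Decode fstab octal escapes such as \\040 (space) in a field."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_fstab(text):
    """Return one dict per fstab entry, skipping blanks and comments."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line: skip rather than guess
        device, mountpoint, fstype, opts = fields[:4]
        entries.append({
            "device": unescape(device),
            "mountpoint": unescape(mountpoint),
            "fstype": fstype,
            "options": set(opts.split(",")),
        })
    return entries


def generic_umount_allowed(options, mounter_uid, caller_uid):
    """mount(8) rule as stated in the thread: 'users' lets any user
    unmount, 'user' only the user who mounted; root always may."""
    if caller_uid == 0 or "users" in options:
        return True
    if "user" in options:
        return caller_uid == mounter_uid
    return False


def cifs_helper_umount_allowed(mounter_uid, caller_uid):
    """Rule reported in the thread for cifs: fstab options are ignored,
    only root or the mounting user may unmount."""
    return caller_uid == 0 or caller_uid == mounter_uid


def effective_umount_allowed(entry, mounter_uid, caller_uid):
    """Pick the rule that applies to this entry's file system type."""
    if entry["fstype"] == "cifs":
        return cifs_helper_umount_allowed(mounter_uid, caller_uid)
    return generic_umount_allowed(entry["options"], mounter_uid, caller_uid)


def misleading_entries(entries):
    """Mount points where fstab says 'users' but the cifs rule is stricter."""
    return [e["mountpoint"] for e in entries
            if e["fstype"] == "cifs" and "users" in e["options"]]


if __name__ == "__main__":
    entries = parse_fstab(SAMPLE_FSTAB)
    # Scenario from the thread: root mounts with 'mount -a' (uid 0), then an
    # ordinary user (uid 1000, an assumed value) tries to unmount.
    for e in entries:
        generic = generic_umount_allowed(e["options"], 0, 1000)
        actual = effective_umount_allowed(e, 0, 1000)
        print(f'{e["mountpoint"]:<10} {e["fstype"]:<9} '
              f'fstab rule: {generic!s:<5} effective: {actual}')
    print("fstab promises more than cifs grants:", misleading_entries(entries))
```
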
On Saturday 06 October 2007 01:01:58 pm Anders Johansson wrote:
On Saturday 06 October 2007 21:45:24 Ron Eggler wrote:
Okay I did a chmod u+s for /sbin/mount.cifs and /sbin/umount.cifs. Umounted /mnt/data as root and mounted it back on with mount -a and then tried to umount as user but still would tell me "not permitted to unmount"... :( Thanks for any other ideas....
OK, I just checked the source code, and it seems cifs doesn't respect fstab here. It only checks for root, or if you are the same user who mounted it. Regardless of what fstab says, root and the mounting user are allowed to umount, no one else
Are you serious there? :o Is there any chance i could change this (without recompiling the whole deal)? Do you know why it is this way? is there a reason? Thanks for getting to the roots! I appreciate that!
--
chEErs Ron
On Saturday 06 October 2007 22:07:09 Ron Eggler wrote:
Are you serious there? :o
Yes
Is there any chance i could change this (without recompiling the whole deal)?
No, and even a recompile wouldn't help. It's not a compile option. It needs rewriting. I think it would even require a recompile/rewrite of the cifs kernel module
Do you know why it is this way? is there a reason?
Not a single clue. It seems silly to me, it should follow the same rules as the other file systems
Anders
Anders Johansson wrote:
On Saturday 06 October 2007 22:07:09 Ron Eggler wrote:
Are you serious there? :o
Yes
Is there any chance i could change this (without recompiling the whole deal)?
No, and even a recompile wouldn't help. It's not a compile option. It needs rewriting. I think it would even require a recompile/rewrite of the cifs kernel module
Do you know why it is this way? is there a reason?
Not a single clue. It seems silly to me, it should follow the same rules as the other file systems
Anders
Within the context of the Linux file system mounting framework I would agree with you. However, in the context of a Directory Service managed resource framework it does begin (I should emphasise the begin) to make sense. In the latter resources would ideally be managed in global network manner, and there should be some constraints on what context a local machine or individual can interact with the network resource.
On Sunday 07 October 2007 11:21:05 G T Smith wrote:
Within the context of the Linux file system mounting framework I would agree with you.
However, in the context of a Directory Service managed resource framework it does begin (I should emphasise the begin) to make sense. In the latter resources would ideally be managed in global network manner, and there should be some constraints on what context a local machine or individual can interact with the network resource.
Hm, I'm not sure I follow you. First of all, someone can unmount it. So why shouldn't the admin of the machine be able to delegate this to others, in the same way as for other file systems? Secondly, are you seriously saying that it's possible through policy to prevent a client from *un*mounting a resource? I can understand that there are rules about who can mount and from where, but surely a client can at any time say "no, I don't want this share anymore"
Anders Johansson wrote:
On Sunday 07 October 2007 11:21:05 G T Smith wrote:
Within the context of the Linux file system mounting framework I would agree with you.
However, in the context of a Directory Service managed resource framework it does begin (I should emphasise the begin) to make sense. In the latter resources would ideally be managed in global network manner, and there should be some constraints on what context a local machine or individual can interact with the network resource.
Hm, I'm not sure I follow you.
First of all, someone can unmount it. So why shouldn't the admin of the machine be able to delegate this to others, in the same way as for other file systems?
Secondly, are you seriously saying that it's possible through policy to prevent a client from *un*mounting a resource? I can understand that there are rules about who can mount and from where, but surely a client can at any time say "no, I don't want this share anymore"
Unfortunately if you can disconnect a resource, you can also reconnect something else at the same point, and that could be a security issue. If the location is taken it makes it more difficult (but not impossible) to hijack.
On Sunday 07 October 2007 14:23:50 G T Smith wrote:
Unfortunately if you can disconnect a resource, you can also reconnect something else at the same point, and that could be a security issue. If the location is taken it makes it more difficult (but not impossible) to hijack.
No you can't, because linux will only allow you to mount things as a user when permission is explicitly given in fstab. Which means the worst they could do is remount the same resource If you think this is wrong, please give a concrete example of how it could be done
Anders Johansson wrote:
On Sunday 07 October 2007 14:23:50 G T Smith wrote:
Unfortunately if you can disconnect a resource, you can also reconnect something else at the same point, and that could be a security issue. If the location is taken it makes it more difficult (but not impossible) to hijack.
No you can't, because linux will only allow you to mount things as a user when permission is explicitly given in fstab. Which means the worst they could do is remount the same resource
If you think this is wrong, please give a concrete example of how it could be done
What you say is true if you make the assumption that a workstation is used by a single person only, or network resource access requirements are fairly static on the workstation. /etc/fstab is a good secure mechanism for (workstation based) global resources allocation, and on a single user workstation can be used effectively for access to personalised network resources as well. While it is there it is nearly impossible to break.

There are other environments where the above assumptions are not the case, and the /etc/fstab mechanism becomes inadequate. In an environment where people hotdesk rather than people being allocated their own machine in particular, one starts hitting a number of problems particularly in relation to cifs on *NIX (NFS does not really present a problem). If users have personalised resources on cifs shares the administrator's life has the potential to get rather interesting in this scenario.

Unless one wishes to create an /etc/fstab entry for every possible user of a workstation, which is a potential administrative nightmare with cifs (the maintenance of authentication credentials is a probable show stopper in its own right here), the immediate option is a /etc/fstab based configuration that could reduce administration by using a common home mount point and a mechanism to correctly mount the users resources at that point.

However this does present a practical problem in that for this to work the user needs some sort of localised root access. One of Linux's strengths becomes a weakness in that for certain classes of activity one needs a level of access that exceeds that which is strictly required. In effect one can find you have to break the security that the /etc/fstab mechanism provides by removing its protection in order to get this to work. In this situation another level of control is required to ensure that some changes are not allowed to happen, (or at least take effect). This is what I mean by there being a possible security issue.

The obvious alternative approach of entering via a common server directory and using server access rights to limit visibility presents other issues in a mixed Windows/Linux environment.

pam_mount on paper should deal with this issue for common connections (it also does not require /etc/fstab entries according to the documentation), and is potentially a much neater way of handling a user login to a cifs share as a home directory and disconnecting when the user logs out. However, as at the moment I do not think it can deal with conditional mounts, so in a situation where a user has access to resources not only defined by who they are, but their role in the organisation, and where they are, this on its own is not a complete solution. (Fortunately few have to worry about this one).

At the moment AFAIK a network level of control is only an option with Windows based workstations running with AD or NDS. (IIRC Kerberos was part of the Athena project to bring this together for *NIX world a couple of decades ago but to what extent it is now more than an authentication mechanism I am uncertain about). In some ways it is fortunate that Samba is most often used to integrate *NIX server resources in a largely Windows environments at the moment.
On Monday 08 October 2007 10:54:41 G T Smith wrote:
Anders Johansson wrote:
On Sunday 07 October 2007 14:23:50 G T Smith wrote:
Unfortunately if you can disconnect a resource, you can also reconnect something else at the same point, and that could be a security issue. If the location is taken it makes it more difficult (but not impossible) to hijack.
No you can't, because linux will only allow you to mount things as a user when permission is explicitly given in fstab. Which means the worst they could do is remount the same resource
If you think this is wrong, please give a concrete example of how it could be done
<snip something about home directories on samba shares>
Obviously your scenario is just wrong.
First of all, for the kind of shares you're talking about, there are the non-mounted resources (smb:// in various browsers and vfs implementations). You can't have your home directory on samba anyway (or at least you shouldn't). So that eliminates your scenario
Secondly, one single mount point for all users is just bad, it won't work.
Thirdly, if there really is a need for mounting, there is FUSE (but there isn't a need, so...)
Finally, for the kind of "conditional mounts" you refer to, there is autofs
In no case do you ever have to give a normal user root access
Anders
Anders Johansson wrote:
On Monday 08 October 2007 10:54:41 G T Smith wrote:
Anders Johansson wrote:
On Sunday 07 October 2007 14:23:50 G T Smith wrote:
Unfortunately if you can disconnect a resource, you can also reconnect something else at the same point, and that could be a security issue. If the location is taken it makes it more difficult (but not impossible) to hijack.
No you can't, because linux will only allow you to mount things as a user when permission is explicitly given in fstab. Which means the worst they could do is remount the same resource
If you think this is wrong, please give a concrete example of how it could be done
<snip something about home directories on samba shares>
Obviously your scenario is just wrong.
I think you need to do a little research into both AD and NDS and some Network Operating System concepts.... You are thinking server and machine centric not network centric... e.g. NT user accounts are frequently dynamically created on the local machine on login and the account removed on logout, accounts and their settings exist on the network NOT the machine (I am unaware of anything similar on *NIX). The approach has its problems but works well enough...
First of all, for the kind of shares you're talking about, there are the non-mounted resources (smb:// in various browsers and vfs implementations). You can't have your home directory on samba anyway (or at least you shouldn't). So that eliminates your scenario
If the directory is mounted on login there is no real reason why you should not either.
You are obviously completely unfamiliar with the concept of the hotdesk. Let me spell it out ... user does not have own machine, user may have own resources and own role in organisation, user must be able to sit down and use any machine in a pool of machines and use as own... This is commonly used in teaching institutions, call centres, and other variants of cubicle land... And are you seriously suggesting that in an organisation with several hundred users you set up several hundred home directories (and associated accounts) on each machine in the pool?
The browser is an approach with limitations. For it to work with reasonable safety any settings need to travel with the user and not be tied to the machine.
Oddly enough this is something fairly easy to do with Windows with AD or NDS...
Secondly, one single mount point for all users is just bad, it won't work.
There are a number of references to this type of configuration around with NFS, there is usually a single mount point but it is lower down the hierarchy on the server end and in theory you should only see the material pertinent to the logged in user. There have been various ways of presenting a file system across a network for a long time in the *NIX world, but they do not really fit more recent desktop use models.
Thirdly, if there really is a need for mounting, there is FUSE (but there isn't a need, so...)
Have you actually tried smbfuse? It crawls....veeeeeeerrrrryyyy ssssslllllooowwwllyy :-) When I last looked at it, it spent an awful lot of time authenticating when I tracked what was happening, also can pick stuff that do not want to be picked up if you are not careful ... Nice idea but not currently usable...
Finally, for the kind of "conditional mounts" you refer to, there is autofs
You are talking hardware conditional not user/location conditional. i.e. If A is a member of group 2 they can use resource VI when they log in... What we are considering is the concept of a single point of login and transparent access to resources .... One of the most serious security issues is password and identity overload... if people have lots of IDs and passwords, people start losing track of what password works with which ID... so people start making life easy for themselves and choose insecure passwords or put the passwords down on a bit of paper.. (how many people have come across the stick it note with the password list on the monitor :-) )
In no case do you ever have to give a normal user root access
Ideally of course,
Anders
G T Smith wrote:
...NT user accounts are frequently dynamically created on the local machine on login and the account removed on logout, accounts and their settings exist on the network NOT the machine (I am unaware of anything similar on *NIX). The approach has its problems but works well enough...
After all the really good stuff you've contributed, this is a real shocker, so maybe I'm not understanding what you're saying.
I worked in a facility a few years ago (late '90's) where there were dozens of antique Suns, of the 10MHz Sparc, 128M RAM, 50MB disk variety, and a few late-model, high-power machines. We got a new sysadmin who, within a few days, had us all set up with an nfs-shared central home directory on a large, fast machine. We could log in from anywhere in the facility and have our own complete working environment, with all our personal environment, file structure, and home-based programs. I even had him set up my machine (one of the slowest, smallest, oldest) to work as an X-terminal to one of the largest, most powerful, but little used machines, and the only difference between running my applications on the Ultra and on my klunky little desktop was that my machine had only 256 colors available for display.
Doesn't this qualify as dynamically created on the local machine? and on the intermediate machine? Solaris is unix, you're aware?
John Perry
John E. Perry wrote:
G T Smith wrote:
...NT user accounts are frequently dynamically created on the local machine on login and the account removed on logout, accounts and their settings exist on the network NOT the machine (I am unaware of anything similar on *NIX). The approach has its problems but works well enough...
After all the really good stuff you've contributed, this is a real shocker, so maybe I'm not understanding what you're saying.
I worked in a facility a few years ago (late '90's) where there were dozens of antique Suns, of the 10MHz Sparc, 128M RAM, 50MB disk variety, and a few late-model, high-power machines. We got a new sysadmin who, within a few days, had us all set up with an nfs-shared central home directory on a large, fast machine. We could log in from anywhere in the facility and have our own complete working environment, with all our personal environment, file structure, and home-based programs. I even had him set up my machine (one of the slowest, smallest, oldest) to work as an X-terminal to one of the largest, most powerful, but little used machines, and the only difference between running my applications on the Ultra and on my klunky little desktop was that my machine had only 256 colors available for display.
Doesn't this qualify as dynamically created on the local machine? and on the intermediate machine? Solaris is unix, you're aware?
John Perry
Sorry, had come across this now that you remind me (I think it was called yellow pages, Suntools or something and was not pure NFS but had a network administrative layer of some sort... ).. I had completely forgotten about it!... must be going senile :-/ .. Did not have much to do with the admin side of this... too busy writing dodgy Quintus Prolog stuff at the time, damn nice development environment for the mid 80s though....
On Tuesday 09 October 2007 17:52:09 G T Smith wrote:
John E. Perry wrote:
G T Smith wrote:
...NT user accounts are frequently dynamically created on the local machine on login and the account removed on logout, accounts and their settings exist on the network NOT the machine (I am unaware of anything similar on *NIX). The approach has its problems but works well enough...
After all the really good stuff you've contributed, this is a real shocker, so maybe I'm not understanding what you're saying.
I worked in a facility a few years ago (late '90's) where there were dozens of antique Suns, of the 10MHz Sparc, 128M RAM, 50MB disk variety, and a few late-model, high-power machines. We got a new sysadmin who, within a few days, had us all set up with an nfs-shared central home directory on a large, fast machine. We could log in from anywhere in the facility and have our own complete working environment, with all our personal environment, file structure, and home-based programs. I even had him set up my machine (one of the slowest, smallest, oldest) to work as an X-terminal to one of the largest, most powerful, but little used machines, and the only difference between running my applications on the Ultra and on my klunky little desktop was that my machine had only 256 colors available for display.
Doesn't this qualify as dynamically created on the local machine? and on the intermediate machine? Solaris is unix, you're aware?
John Perry
Sorry, had come across this now that you remind me (I think it was called yellow pages, Suntools or something and was not pure NFS but had a network administrative layer of some sort... ).. I had completely forgotten about it!... must be going senile :-/ ..
It has nothing to do with the directory. AD, NDS, LDAP or Yellow Pages have absolutely nothing to do with this kind of automatic mounting. It's just a simpler way of centrally administering the whole thing (saves having to copy round lots of config files, /etc/passwd and so on), but it's perfectly doable, albeit more cumbersome, without
Anders Johansson wrote:
On Tuesday 09 October 2007 17:52:09 G T Smith wrote:
John E. Perry wrote:
G T Smith wrote:
...NT user accounts are frequently dynamically created on the local machine on login and the account removed on logout, accounts and their settings exist on the network NOT the machine (I am unaware of anything similar on *NIX). The approach has its problems but works well enough...
After all the really good stuff you've contributed, this is a real shocker, so maybe I'm not understanding what you're saying.
I worked in a facility a few years ago (late '90's) where there were dozens of antique Suns, of the 10MHz Sparc, 128M RAM, 50MB disk variety, and a few late-model, high-power machines. We got a new sysadmin who, within a few days, had us all set up with an nfs-shared central home directory on a large, fast machine. We could log in from anywhere in the facility and have our own complete working environment, with all our personal environment, file structure, and home-based programs. I even had him set up my machine (one of the slowest, smallest, oldest) to work as an X-terminal to one of the largest, most powerful, but little used machines, and the only difference between running my applications on the Ultra and on my klunky little desktop was that my machine had only 256 colors available for display.
Doesn't this qualify as dynamically created on the local machine? and on the intermediate machine? Solaris is unix, you're aware?
John Perry
Sorry, had come across this now that you remind me (I think it was called yellow pages, Suntools or something and was not pure NFS but had a network administrative layer of some sort... ).. I had completely forgotten about it!... must be going senile :-/ ..
It has nothing to do with the directory. AD, NDS, LDAP or Yellow Pages have absolutely nothing to do with this kind of automatic mounting. It's just a simpler way of centrally administering the whole thing (saves having to copy round lots of config files, /etc/passwd and so on), but it's perfectly doable, albeit more cumbersome, without
Which is the main point..management... Automount, now that I am aware of it, I can see is a tool that provides one part of the equation, but not a complete answer.. (but the documentation does observe that it has some limitations ... )
I used to run a Netware NDS setup with a couple of remote sites, a few hundred workstations, several thousand user accounts, charged printer services and a few other bits and pieces. Everything from application configuration to login scripts could be maintained in the directory, for network administrators SNMP, router, radius and firewall management can be done through the directory, AD does much the same (although it was a bit of a cripple then, and is probably still a cripple now). With NT's user profile management (which is still very flakey in places) one could do a lot more than define filestore resources (e.g. make certain that printing went to a local shared printer rather than halfway across the building).
To even contemplate this file distribution idea makes me shudder, there is too much that could go wrong, and if it could go wrong it probably will go wrong. In the situation where on an annual basis one needed to create and set a couple of thousand accounts, and delete a similar number each year, and dealt with a steady flow of new accounts, this is not a workable concept. You need something like NISS, AD or LDAP just to keep your sanity... OpenLDAP I would expect to move towards this kind of functionality, if they have not got closer to it already (it is about a year since I last looked at it, and it looked as if work had still to be done)...
On Tuesday 09 October 2007 11:23:56 G T Smith wrote:
Anders Johansson wrote:
On Monday 08 October 2007 10:54:41 G T Smith wrote:
Anders Johansson wrote:
On Sunday 07 October 2007 14:23:50 G T Smith wrote:
Unfortunately if you can disconnect a resource, you can also reconnect something else at the same point, and that could be a security issue. If the location is taken it makes it more difficult (but not impossible) to hijack.
No you can't, because linux will only allow you to mount things as a user when permission is explicitly given in fstab. Which means the worst they could do is remount the same resource
If you think this is wrong, please give a concrete example of how it could be done
<snip something about home directories on samba shares>
Obviously your scenario is just wrong.
I think you need to do a little research into both AD and NDS and some Network Operating System concepts.... You are thinking server and machine centric not network centric... e.g. NT user accounts are frequently dynamically created on the local machine on login and the account removed on logout, accounts and their settings exist on the network NOT the machine (I am unaware of anything similar on *NIX). The approach has its problems but works well enough...
Been there, done that, used automount, which is capable of using dynamic share names, worked perfectly - no need to create home directories on each machine, no need for local root access
Anders Johansson wrote:
On Tuesday 09 October 2007 11:23:56 G T Smith wrote:
Anders Johansson wrote:
On Monday 08 October 2007 10:54:41 G T Smith wrote:
Anders Johansson wrote:
On Sunday 07 October 2007 14:23:50 G T Smith wrote:
Unfortunately if you can disconnect a resource, you can also reconnect something else at the same point, and that could be a security issue. If the location is taken it makes it more difficult (but not impossible) to hijack.
No you can't, because linux will only allow you to mount things as a user when permission is explicitly given in fstab. Which means the worst they could do is remount the same resource
If you think this is wrong, please give a concrete example of how it could be done
<snip something about home directories on samba shares>
Obviously your scenario is just wrong.
I think you need to do a little research into both AD and NDS and some Network Operating System concepts.... You are thinking server and machine centric not network centric... e.g. NT user accounts are frequently dynamically created on the local machine on login and the account removed on logout, accounts and their settings exist on the network NOT the machine (I am unaware of anything similar on *NIX). The approach has its problems but works well enough...
Been there, done that, used automount, which is capable of using dynamic share names, worked perfectly - no need to create home directories on each machine, no need for local root access
Including maintainable cifs login credentials? We are talking cifs/Windows server integration... The main issue with cifs in its current form is that credentials are passed via the mount point definition as username and password in plain text, or via a text file containing these details in plain text. If you change the credentials you have to change the mount point definition (or the credentials file used in the mount definition).. (a second problem is that these credentials either have to be maintained locally, or acquired from a network source somehow)... Unless everyone has the same username and password, and you do not allow users to change cifs passwords, this is problematic.... (If you know a way of getting round this one I would love to know it)..
There is apparently the option of using LDAP automount entries for automount mapping but I have absolutely no idea whether this is practical with cifs. The pam_mount option is probably currently best as credentials should then be passed at login, and credentials maintenance should disappear as an immediate issue ...
I think this started as a comment on why cifs did not conform to expected *NIX behaviour, I think the underlying point is that cifs is NOT a *NIX filesystem, the protocols and behaviour are defined in Redmond to work with M$ systems. To work well from *NIX they have to adopt in part expected aspects of that behaviour...
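The credential handling described in the message above (a cifs password either inline in the mount definition or in a plaintext credentials file), as an added example that is not part of the original thread: a Python audit of fstab text that flags both cases. The sample entries other than the first, the CRED_PATH placeholder, the function names and the "owner-only mode" expectation are assumptions of this example.

```python
import os
import re
import stat

# Constructed sample input. The first entry is the fstab line quoted at the
# top of the thread; the other entries and the CRED_PATH placeholder are made up.
SAMPLE_FSTAB = r"""
# device                   mountpoint type options                             dump pass
//192.168.0.101/Disk\0401  /mnt/Y     cifs user,uid=100,gid=1000               0 0
//192.168.0.101/data       /mnt/data  cifs users,username=ron,password=EXAMPLE 0 0
//192.168.0.101/home       /mnt/home  cifs noauto,credentials=CRED_PATH        0 0
/dev/sda2                  /          ext3 defaults                            1 1
"""

_OCTAL = re.compile(r"\\([0-7]{3})")


def unescape(field):
    """Decode fstab octal escapes such as \\040 (space)."""
    return _OCTAL.sub(lambda m: chr(int(m.group(1), 8)), field)


def parse_options(field):
    """Split 'a,b=c' into {'a': None, 'b': 'c'}."""
    opts = {}
    for item in field.split(","):
        key, sep, value = item.partition("=")
        if key:
            opts[key] = unescape(value) if sep else None
    return opts


def parse_fstab(text):
    """Yield one dict per fstab entry, skipping blank lines and comments."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed entry, nothing to audit
        yield {
            "device": unescape(fields[0]),
            "mountpoint": unescape(fields[1]),
            "fstype": fields[2],
            "options": parse_options(fields[3]),
        }


def check_credentials_file(path):
    """Return a finding string, or None if only the owner can access the file.

    Assumption of this example: a file holding a plaintext password should
    carry no group or other permission bits (0600 or stricter).
    """
    try:
        st = os.stat(path)
    except OSError as exc:
        return "credentials file %s not readable: %s" % (path, exc.strerror)
    if not stat.S_ISREG(st.st_mode):
        return "credentials file %s is not a regular file" % path
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        return "credentials file %s has mode %04o; expected 0600 or stricter" % (
            path, stat.S_IMODE(st.st_mode))
    return None


def audit_cifs(text):
    """Return (mountpoint, finding) pairs for the cifs entries in fstab text."""
    findings = []
    for entry in parse_fstab(text):
        if entry["fstype"] != "cifs":
            continue
        opts = entry["options"]
        # /etc/fstab is normally world-readable, so an inline password is
        # visible to every local account.
        for key in ("password", "pass"):
            if opts.get(key) is not None:
                findings.append((entry["mountpoint"],
                                 "plaintext %s= option in fstab" % key))
        for key in ("credentials", "cred"):
            if opts.get(key):
                problem = check_credentials_file(opts[key])
                if problem:
                    findings.append((entry["mountpoint"], problem))
    return findings


if __name__ == "__main__":
    import tempfile
    with tempfile.NamedTemporaryFile("w", suffix=".cred") as fh:
        fh.write("username=ron\npassword=EXAMPLE\n")  # constructed content
        fh.flush()
        os.chmod(fh.name, 0o644)  # deliberately too open for the demo
        for mnt, msg in audit_cifs(SAMPLE_FSTAB.replace("CRED_PATH", fh.name)):
            print(mnt, "-", msg)
```

To audit a real system, pass the contents of /etc/fstab to `audit_cifs()`; the check only reports on file modes and never reads the credentials file itself.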
On Tuesday 09 October 2007 11:23:56 G T Smith wrote:
Anders Johansson wrote:
On Monday 08 October 2007 10:54:41 G T Smith wrote:
Anders Johansson wrote:
On Sunday 07 October 2007 14:23:50 G T Smith wrote:
Unfortunately if you can disconnect a resource, you can also reconnect something else at the same point, and that could be a security issue. If the location is taken it makes it more difficult (but not impossible) to hijack.
No you can't, because linux will only allow you to mount things as a user when permission is explicitly given in fstab. Which means the worst they could do is remount the same resource
If you think this is wrong, please give a concrete example of how it could be done
<snip something about home directories on samba shares>
Obviously your scenario is just wrong.
I think you need to do a little research into both AD and NDS and some Network Operating System concepts.... You are thinking server and machine centric not network centric... e.g. NT user accounts are frequently dynamically created on the local machine on login and the account removed on logout, accounts and their settings exist on the network NOT the machine (I am unaware of anything similar on *NIX). The approach has its problems but works well enough...
First of all, for the kind of shares you're talking about, there are the non-mounted resources (smb:// in various browsers and vfs implementations). You can't have your home directory on samba anyway (or at least you shouldn't). So that eliminates your scenario
If the directory is mounted on login there is no real reason why you should not either.
You are obviously completely unfamiliar with the concept of the hotdesk. Let me spell it out ... user does not have own machine, user may have own resources and own role in organisation, user must be able to sit down and use any machine in a pool of machines and use as own... This is commonly used in teaching institutions, call centres, and other variants of cubicle land... And are you seriously suggesting that in an organisation with several hundred users you set up several hundred home directories (and associated accounts) on each machine in the pool?
The browser is an approach with limitations. For it to work with reasonable safety any settings need to travel with the user and not be tied to the machine.
Oddly enough this is something fairly easy to do with Windows with AD or NDS...
Secondly, one single mount point for all users is just bad, it won't work.
There are a number of references to this type of configuration around with NFS, there is usually a single mount point but is lower down the hierarchy on the server end and in theory you should only see the material pertinent to the logged in user.
That's not a single mountpoint, that is autofs at work. It dynamically creates mount points as and when needed. It seems to me this is exactly what you're looking for
There have been various ways of presenting a file system across a network for a long time in the *NIX world, but they do not really fit more recent desktop use models.
I'm sorry, but are you referring here to the early 70s method of assigning letters like C:, F: and so on to shares? That's hardly the ultramodern approach here. Which part of this is "more recent desktop use model"?
You can say that things like Documents and settings should come from a server, which is about as close to the kind of mounting you can do in *NIX that you can get on a windows machine. I don't see why you say that this can't be done on linux. It has been possible for a very long time, as far as I can see
We already have roaming users, with several hundred users. It works like a charm, as far as I can see. I can sit down on any machine, log in, and get my own desktop
G T Smith wrote:
I think you need to do a little research into both AD and NDS and some Network Operating System concepts.... You are thinking server and machine centric not network centric... e.g. NT user accounts are frequently dynamically created on the local machine on login and the account removed on logout, accounts and their settings exist on the network NOT the machine (I am unaware of anything similar on *NIX). The approach has its problems but works well enough...
Come now, we were using automount on linux back at the university where I worked in 1995, with a central nis server where all accounts were managed, and all home directories on a central unix file server, exported via nfs and samba.
No matter which unix machine I logged into (sun, sgi, linux) I got my same home directory, and it was all quite seamless. For those logging into pee cees, the samba home directories were accessible as network drives.
This is old, old news in the unix world.
Joe
Sloan wrote:
G T Smith wrote:
I think you need to do a little research into both AD and NDS and some Network Operating System concepts.... You are thinking server and machine centric not network centric... e.g. NT user accounts are frequently dynamically created on the local machine on login and the account removed on logout, accounts and their settings exist on the network NOT the machine (I am unaware of anything similar on *NIX). The approach has its problems but works well enough...
Come now, we were using automount on linux back at the university where I worked in 1995, with a central nis server where all accounts were managed, and all home directories on a central unix file server, exported via nfs and samba.
No matter which unix machine I logged into (sun, sgi, linux) I got my same home directory, and it was all quite seamless. For those logging into pee cees, the samba home directories were accessible as network drives.
This is old, old news in the unix world.
Joe
Hmm... mounting a network drive as a local user is a bit different from the dynamic creation of an account with appropriate local rights on the machine.... (and removal of that account afterwards)...I have a vague recollection that the NIS database acts as a kind of super central /etc/passwd file among other things.... and I am not really certain it completely qualifies as a NOS in the X500/ND/AD sense, but more as a central authentication mechanism...
As I said elsewhere I had forgotten about this. The institution I worked for after this passively discouraged use of NFS/NIS in favour of X and terminal access (apparently on security grounds), but it was mainly a DEC/IBM/(and later PC) shop with a limited UNIX presence for some central services and special uses only. Linux on PCs had little or no presence (and was viewed by some of those on the UNIX side with a little hostility), and to be honest it was not until about 2000 that my periodic looks at Linux started showing up something that I thought might be useful.
G T Smith wrote:
No matter which unix machine I logged into (sun, sgi, linux) I got my same home directory, and it was all quite seamless. For those logging into pee cees, the samba home directories were accessible as network drives.
Hmm... mounting a network drive as a local user is a bit different from the dynamic creation of an account with appropriate local rights on the machine.... (and removal of that account afterwards)...
There was no "mounting" activity on the user's part; his home directory automagically appeared on the machine when he logged in, and disappeared when he logged out. So in a sense it was "removed afterwards".
As I said elsewhere I had forgotten about this. The institution I worked for after this passively discouraged use of NFS/NIS in favour of X and terminal access (apparently on security grounds), but it was mainly a DEC/IBM/(and later PC) shop with a limited UNIX presence for some central services and special uses only.
Hmm, we also had diskless X workstations, but still, they all used nfs filesystems and nis user authentication. Of course nowadays, nis is being phased out in favor of ldap, but the concept remains the same.
Linux on PCs had little or no presence (and was viewed by some of those in the UNIX side with a little hostility)
Yikes, sounds like a confusion in terminology - our unix staff discovered linux and became fans early on. Eventually the CS department replaced solaris, and ran the core services on linux, which served as the unix side of the "pee cee to unix connectivity" paradigm on our network.
Joe
On 10/07/2007 03:45 AM, Ron Eggler wrote:
Okay I did a chmod u+s for /sbin/mount.cifs and /sbin/umount.cifs. Umounted /mnt/data as root and mounted it back on with mount -a and then tried to umount as user but still would tell me "not permitted to unmount"... :( Thanks for any other ideas....
Have you checked out using /etc/samba/smbfstab and the smbfs service?
-- Joe Morris Registered Linux user 231871 running openSUSE 10.2 x86_64
Joe Morris (NTM) wrote:
On 10/07/2007 03:45 AM, Ron Eggler wrote:
Okay I did a chmod u+s for /sbin/mount.cifs and /sbin/umount.cifs. Umounted /mnt/data as root and mounted it back on with mount -a and then tried to umount as user but still would tell me "not permitted to unmount"... :( Thanks for any other ideas....
Have you checked out using /etc/samba/smbfstab and the smbfs service?
I doubt this would help, smbfstab is a security related option with cifs, and smbfs support via smbmount is no longer part of the SuSE distribution (and is generally deprecated anyway). IIRC there is the fuse smb support but that is a bit slow ...
Ron Eggler wrote:
On Saturday 06 October 2007 01:25:29 am G T Smith wrote:
Ron Eggler wrote:
On Friday 05 October 2007 01:51:10 am G T Smith wrote: [snip]
<snip>
umount.cifs as you have on mount.cifs.
But I have set both with "sudo chmod +s /sbin/umount.cifs" I don't know what else i can do, i'm getting desperate :( Thanks for your help!
a) Have you checked the suid has actually been set... b) the info entry on chmod documents the possibility of using u+s rather than +s... (setting suids is something I do rarely)
They are the same, aren't they?
reg@desktop-reg:~> ls -n /sbin/umount.cifs
-rwsr-sr-x 1 0 0 14416 2007-06-29 04:51 /sbin/umount.cifs
reg@desktop-reg:~> ls -n /sbin/mount.cifs
-rwsr-sr-x 1 0 0 22928 2007-06-29 04:51 /sbin/mount.cifs
Thanks for any further help!
What I'm trying to do by the way is: Get my cifs mounts umounted before my server gets shut down and I shut down my server with a "shutdown" command in my ~/.kde/shutdown directory. I've tried shutting it down with a "S" init script in /etc/init.d/rc5.d or /etc/init.d/rc0.d but this didn't work fine so I decided to do it the KDE way. Now before executing the shutdown command for my server I want to umount the shares (and since I'm a user at this time, I need to be able to umount em as user).
Thanks for help or suggestions.
My first question is why do this? The funny thing about cifs is this kind of event is supposed to be handled anyway. Provided you are not actually modifying something on the cifs mount when the server end shuts down you should not get too many problems. While the server is down you will get complaints about unavailable resources, but when the server comes back you should not notice it has been away (at least in theory, in practice this can be a different story :-) ).
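Added example, not part of any poster's message: the `ls -n` output quoted above shows `-rwsr-sr-x` on both helpers, i.e. setuid and setgid. This sketch classifies such a permission string and shows on a scratch file what `chmod u+s` and `chmod +s` each leave behind; the function names are made up for illustration and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: classify special bits in an ls-style permission string and
# compare "chmod u+s" with "chmod +s". Function names are illustrative.

# classify_perms PERMSTRING -> setuid+setgid | setuid | setgid | none
# In ls output an s/S in column 4 means setuid, in column 7 setgid.
classify_perms() {
    u=$(printf '%s' "$1" | cut -c4)
    g=$(printf '%s' "$1" | cut -c7)
    suid=no; sgid=no
    case $u in s|S) suid=yes ;; esac
    case $g in s|S) sgid=yes ;; esac
    case $suid$sgid in
        yesyes) echo setuid+setgid ;;
        yesno)  echo setuid ;;
        noyes)  echo setgid ;;
        *)      echo none ;;
    esac
}

# mode_after CHMOD_ARG -> octal mode of a scratch file that started at 755
# and then had "chmod CHMOD_ARG" applied (assumes GNU stat).
mode_after() {
    f=$(mktemp) || return 1
    chmod 755 "$f" && chmod "$1" "$f" && stat -c '%a' "$f"
    rc=$?
    rm -f "$f"
    return $rc
}

# audit_helper PATH -> "<path>: <classification>" for an existing file.
audit_helper() {
    [ -e "$1" ] || { echo "$1: not found"; return 1; }
    echo "$1: $(classify_perms "$(stat -c '%A' "$1")")"
}

# Permission string taken from the ls -n output quoted in the thread.
echo "quoted ls output: $(classify_perms -rwsr-sr-x)"
echo "chmod u+s on 755: $(mode_after u+s)"
echo "chmod +s  on 755: $(mode_after +s)"
# Helper paths as named in the thread; absent files are reported, not fatal.
for h in /sbin/mount.cifs /sbin/umount.cifs; do
    audit_helper "$h" || true
done
```

A setuid-root helper only needs the setuid bit; a setgid bit next to it is extra privilege worth noticing when reviewing helper binaries.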
On Sunday 07 October 2007 02:17:00 am G T Smith wrote:
Ron Eggler wrote:
On Saturday 06 October 2007 01:25:29 am G T Smith wrote:
Ron Eggler wrote:
On Friday 05 October 2007 01:51:10 am G T Smith wrote: [snip]
<snip>
umount.cifs as you have on mount.cifs.
But I have set both with "sudo chmod +s /sbin/umount.cifs" I don't know what else i can do, i'm getting desperate :( Thanks for your help!
a) Have you checked the suid has actually been set... b) the info entry on chmod documents the possibility of using u+s rather than +s... (setting suids is something I do rarely)
They are the same, aren't they?
reg@desktop-reg:~> ls -n /sbin/umount.cifs
-rwsr-sr-x 1 0 0 14416 2007-06-29 04:51 /sbin/umount.cifs
reg@desktop-reg:~> ls -n /sbin/mount.cifs
-rwsr-sr-x 1 0 0 22928 2007-06-29 04:51 /sbin/mount.cifs
Thanks for any further help!
What I'm trying to do by the way is: Get my cifs mounts umounted before my server gets shut down and I shut down my server with a "shutdown" command in my ~/.kde/shutdown directory. I've tried shutting it down with a "S" init script in /etc/init.d/rc5.d or /etc/init.d/rc0.d but this didn't work fine so I decided to do it the KDE way. Now before executing the shutdown command for my server I want to umount the shares (and since I'm a user at this time, I need to be able to umount em as user).
Thanks for help or suggestions.
My first question is why do this? The funny thing about cifs is this kind of event is supposed to be handled anyway. Provided you are not actually modifying something on the cifs mount when the server end shuts down you should not get too many problems.
So you're saying that when i copy files on my cifs share it finishes up the whole copy process as soon as my server system gets shutdown, right? I'm referring to file transfers on USB sticks where the stick gets pulled out of the USB slot without umounting and when plugging it back in, you realize that the files aren't there because the sync (copy) wasn't finished. Or should i just execute a "sync" before executing the remote shutting command, would this help? Thanks lots! Ron -- chEErs Ron
Ron Eggler wrote:
On Sunday 07 October 2007 02:17:00 am G T Smith wrote:
Ron Eggler wrote:
On Saturday 06 October 2007 01:25:29 am G T Smith wrote:
Ron Eggler wrote:
On Friday 05 October 2007 01:51:10 am G T Smith wrote: [snip] <snip>
<snip>
My first question is why do this? The funny thing about cifs is this kind of event is supposed to be handled anyway. Provided you are not
actually modifying something on the cifs mount when the server end shuts
^^^^^^^^^^^^^^^^^^
down you should not get too many problems.
So you're saying that when i copy files on my cifs share it finishes up the whole copy process as soon as my server system gets shutdown, right?
<snip>
er.. not quite... In most cases once it is copied, it is on the server (whether you can use it or not is a different story, Windows style file locking can generate its own form of grief :-) )... I don't think you can relate a client server network connection to a removable media device, the server should be aware of what is connected to it and negotiate a clean disconnect with connected clients when shutting down... AFAIK the intelligent(?) USB stick has not yet been made :-) However, we are talking real world and what is likely to happen is a bit more complex than that, depends whether you are talking to a Windows or Samba server, what the caching setup is and some other factors ... if the client for any reason does not negotiate quickly enough the server will pull the plug and the result could be messy but I doubt whether a client end umount would avoid that particular problem...
Thanks lots! Ron
participants (9): Anders Johansson, G T Smith, Jan Engelhardt, Joe Morris (NTM), John E. Perry, Randall R Schulz, Roger Oberholtzer, Ron Eggler, Sloan