https://bugzilla.novell.com/show_bug.cgi?id=698288
https://bugzilla.novell.com/show_bug.cgi?id=698288#c1
john woodhouse changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|P5 - None |P1 - Urgent
--- Comment #1 from john woodhouse 2011-06-06 16:36:03 UTC ---
There is a partial work around for this. Obtain mount.cifs from 11.2 and
replace the newer version with it. Suid and owner root need to be set. Some
security can be gained by forming a group with root and the intended user/users
in it. This is then used as the owning group for mount.cifs. Only members of
this group can then use the command. Umount.cifs which is not included in 11.4
can be installed in the same manner.
This arrangement leaves a few problems.
Each time the mount is used it creates a fresh connection to the mapped folder
even if one already exists. This can be confusing as unmount doesn't appear to
do anything until it has been used the same number of times.
As this mount command appears to take no notice of fstab entries a user in
principle could use it to mount any cifs service providing they have the
servers account password. Really this is secure enough in principle but an
fstab entry per user could prevent a user from making use of another users
password. The same effect can be gained by having a separate group for each
individual user. Eg one group say nas1 might include root and user john,
another nas2 might be root and deborah and so on. These can then be used to set
the ownership etc of shell scripts for each user.
I suspect this area is tied up with the samba problems mentioned above or it
could be kde. The advantages of a native file type effectively given by
mount.cifs is pretty obvious at a user level. No long server search mount
delays and near instantaneous access times from within applications and from
the desktop. There is also no need to leave passwords lying about in machines
other than in the server where they should be truly secure.
;-) Having just read the bug entry wish I could edit it. For one read own. Hope
there are no more.
----
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.