[Bug 698288] mount.cifs is crippled / broken

https://bugzilla.novell.com/show_bug.cgi?id=698288 https://bugzilla.novell.com/show_bug.cgi?id=698288#c1 john woodhouse changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P1 - Urgent --- Comment #1 from john woodhouse 2011-06-06 16:36:03 UTC --- There is a partial work around for this. Obtain mount.cifs from 11.2 and replace the newer version with it. Suid and owner root need to be set. Some security can be gained by forming a group with root and the intended user/users in it. This is then used as the owning group for mount.cifs. Only members of this group can then use the command. Umount.cifs which is not included in 11.4 can be installed in the same manner. This arrangement leaves a few problems. Each time the mount is used it creates a fresh connection to the mapped folder even if one already exists. This can be confusing as unmount doesn't appear to do anything until it has been used the same number of times. As this mount command appears to take no notice of fstab entries a user in principle could use it to mount any cifs service providing they have the servers account password. Really this is secure enough in principle but an fstab entry per user could prevent a user from making use of another users password. The same effect can be gained by having a separate group for each individual user. Eg one group say nas1 might include root and user john, another nas2 might be root and deborah and so on. These can then be used to set the ownership etc of shell scripts for each user. I suspect this area is tied up with the samba problems mentioned above or it could be kde. The advantages of a native file type effectively given by mount.cifs is pretty obvious at a user level. No long server search mount delays and near instantaneous access times from within applications and from the desktop. There is also no need to leave passwords lying about in machines other than in the server where they should be truly secure. ;-) Having just read the bug entry wish I could edit it. For one read own. Hope there are no more. ---- -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.