Mailinglist Archive: opensuse (2532 mails)
| < Previous | Next > |
Re: [opensuse] smbfs vs. cifs mounts to samba shares
- From: G T Smith <grahamsmith@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 08 May 2008 13:48:36 +0100
- Message-id: <4822F6A4.30404@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
David C. Rankin wrote:
<script snipped>
Firstly, personally I would not explicitly place the credentials on the
mount (or mount.cifs) command line. Below is something I use that has
worked for me so far without any samba related problems, which may give
some ideas. (BTW This is part of a rather longer batch script that does
a few mounts and other things, which is why there is an error count and
the mount command parameters are defined in variables and are exported).
export CIFMOUNT="-t cifs -o
credentials=${HOME}/gtslog,uid=${USER},gid=users,setuids,rw"
export CIFSERVER="//GTSDual.gtshome/"
if mount ${CIFMOUNT} ${CIFSERVER}homes ${HOME}/GTSDual
then
echo 'mount GTSDual OK'
echo '================'
else
echo 'mount GTSDual failed'
echo "++++++++++++++++++++ Fail Count: $((++CONFAIL))"
fi
something similar could be introduced as part of a users initial login
sequence.... This should be OK if the uid and gid are synchronised and
the samba resource supports CIFS Extended Unix extensions (and you sort
out one way or another mounts security requirements).
In an ideal world one should not be in the position that *NIX uids and
gids are not synchronised if it was originally intended to deploy
networked resources (unfortunately it is not an ideal world, and in the
M$ world the opposite is the case and SID references are preferred to be
different on each workstation).
- --
==============================================================================
I have always wished that my computer would be as easy to use as my
telephone.
My wish has come true. I no longer know how to use my telephone.
Bjarne Stroustrup
==============================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
iD8DBQFIIvakasN0sSnLmgIRAqZkAJwNycj77D7LWdRAvL/GKtIj3Qg69wCguZBT
3qA7mvX2w7VLjPCtsDkWZ+Y=
=t9uU
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
Hash: SHA1
David C. Rankin wrote:
James D. Parra wrote:
-----Original Message-----
From: David C. Rankin [mailto:drankinatty@xxxxxxxxxxxxxxxxxx]
WARNING, WARNING, the use of ,noperm will give root access to all cifs
mounted shares mounted with the ,noperm options. A stray chmod -R or
the like above
the mount point will work all the way down the mounted client as well...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thanks David. So what is a better way to mount with cifs, instead of
resorting back to smbfs? Use noacl and not noperm?
Best regards,
~James
James,
That is an excellent question, to which, I'll give a very straight
forward answer. "I don't know." Since all I have to worry about is
windows users, that question doesn't hit me from a user perspective. Of
course, I use cifs extensively for myself, but I do use the ,noperm.
That's how I found out that a stray recursive command above the mount
point can really screw up the entire mounted drive. I just use brief
scripts to mount drives and use .bashrc to do it. There is no reason you
couldn't have them execute on user login. The script I use is:
#!/bin/bash
device="/mnt/nirvana-cfg"
if mount | grep -q "on ${device} type"; then
echo "${device} already mounted"
else
mount.cifs //nirvana/config /mnt/nirvana-cfg/ -o
username=david,uid=1000,password=yourpassword,noperm
fi
<script snipped>
You can remove the noperm and still get access that provides better
protection against an accidental stray command. Fortunately, that is as
far as I have had to dive into the mess.
Firstly, personally I would not explicitly place the credentials on the
mount (or mount.cifs) command line. Below is something I use that has
worked for me so far without any samba related problems, which may give
some ideas. (BTW This is part of a rather longer batch script that does
a few mounts and other things, which is why there is an error count and
the mount command parameters are defined in variables and are exported).
export CIFMOUNT="-t cifs -o
credentials=${HOME}/gtslog,uid=${USER},gid=users,setuids,rw"
export CIFSERVER="//GTSDual.gtshome/"
if mount ${CIFMOUNT} ${CIFSERVER}homes ${HOME}/GTSDual
then
echo 'mount GTSDual OK'
echo '================'
else
echo 'mount GTSDual failed'
echo "++++++++++++++++++++ Fail Count: $((++CONFAIL))"
fi
something similar could be introduced as part of a users initial login
sequence.... This should be OK if the uid and gid are synchronised and
the samba resource supports CIFS Extended Unix extensions (and you sort
out one way or another mounts security requirements).
In an ideal world one should not be in the position that *NIX uids and
gids are not synchronised if it was originally intended to deploy
networked resources (unfortunately it is not an ideal world, and in the
M$ world the opposite is the case and SID references are preferred to be
different on each workstation).
- --
==============================================================================
I have always wished that my computer would be as easy to use as my
telephone.
My wish has come true. I no longer know how to use my telephone.
Bjarne Stroustrup
==============================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
iD8DBQFIIvakasN0sSnLmgIRAqZkAJwNycj77D7LWdRAvL/GKtIj3Qg69wCguZBT
3qA7mvX2w7VLjPCtsDkWZ+Y=
=t9uU
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
| < Previous | Next > |