[Bug 698288] New: mount.cifs is crippled / broken
https://bugzilla.novell.com/show_bug.cgi?id=698288
https://bugzilla.novell.com/show_bug.cgi?id=698288#c0

Summary: mount.cifs is crippled / broken
Classification: openSUSE
Product: openSUSE 11.4
Version: Final
Platform: i686
OS/Version: openSUSE 11.4
Status: NEW
Severity: Major
Priority: P5 - None
Component: Basesystem
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: a.johnw@yahoo.com
QAContact: qa@suse.de
Found By: ---
Blocker: ---

User-Agent: Opera/9.80 (X11; Linux x86_64; U; en-GB) Presto/2.8.131 Version/11.10

Mount.cifs is currently in a state where a user needs the root password to log into a nas (for instance) using their one access password.

Reproducible: Always

Steps to Reproduce:
1. Set up a user account on a nas
2. Create a user folder on client machine to mount to
3. Try any means short of the workaround to allow a user to mount it

Actual Results:
Impossible for user to mount the nas or server without running as root

Expected Results:
Account mounted

One of the reasons samba.org produced this utility was for nas type use and/or diskless workstations. It is standalone and gives much quicker access than samba. Currently samba and the kde network drive connect will not give read and write capabilities to the files on the server to many applications. Kwrite is the only one I have that is fully functional in this respect. The .desktop file incantations to allow some applications such as vlc to do this do not work and aren't appropriate to others such as the gimp. These comments also relate to click launches of files on the nas.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=698288#c1

john woodhouse <a.johnw@yahoo.com> changed:

What     |Removed   |Added
----------------------------------------------------------------------------
Priority |P5 - None |P1 - Urgent

--- Comment #1 from john woodhouse <a.johnw@yahoo.com> 2011-06-06 16:36:03 UTC ---

There is a partial workaround for this. Obtain mount.cifs from 11.2 and replace the newer version with it. Suid and owner root need to be set. Some security can be gained by forming a group with root and the intended user/users in it. This is then used as the owning group for mount.cifs. Only members of this group can then use the command. Umount.cifs, which is not included in 11.4, can be installed in the same manner.

This arrangement leaves a few problems. Each time the mount is used it creates a fresh connection to the mapped folder even if one already exists. This can be confusing as unmount doesn't appear to do anything until it has been used the same number of times.

As this mount command appears to take no notice of fstab entries, a user in principle could use it to mount any cifs service providing they have the server's account password. Really this is secure enough in principle, but an fstab entry per user could prevent a user from making use of another user's password. The same effect can be gained by having a separate group for each individual user. E.g. one group, say nas1, might include root and user john, another, nas2, might be root and deborah, and so on. These can then be used to set the ownership etc. of shell scripts for each user.

I suspect this area is tied up with the samba problems mentioned above, or it could be kde. The advantages of a native file type effectively given by mount.cifs are pretty obvious at a user level. No long server search mount delays and near instantaneous access times from within applications and from the desktop. There is also no need to leave passwords lying about in machines other than in the server where they should be truly secure. ;-)

Having just read the bug entry, wish I could edit it. For one read own. Hope there are no more.
https://bugzilla.novell.com/show_bug.cgi?id=698288#c

zj jia <zjjia@novell.com> changed:

What       |Removed                                   |Added
----------------------------------------------------------------------------
CC         |                                          |zjjia@novell.com
AssignedTo |bnc-team-screening@forge.provo.novell.com |samba-maintainers@SuSE.de
https://bugzilla.novell.com/show_bug.cgi?id=698288#c2

David Disseldorp <ddiss@novell.com> changed:

What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |CLOSED
CC         |        |ddiss@novell.com
Resolution |        |WONTFIX

--- Comment #2 from David Disseldorp <ddiss@novell.com> 2011-06-16 16:38:10 UTC ---

Thanks for your report John.

mount.cifs ships with the ability to run as setuid root disabled due to security concerns. For an explanation of why upstream developers made this decision, please see the samba.org mail thread:
http://lists.samba.org/archive/samba/2010-April/154921.html
https://bugzilla.novell.com/show_bug.cgi?id=698288#c3

--- Comment #3 from john woodhouse <a.johnw@yahoo.com> 2011-06-17 19:25:33 UTC ---

Ok. I have looked around on the web for more information on this subject and found the following:

CIFS was incorporated into the kernel for diskless workstations and suchlike. It, along with mount-cifs the helper, is standalone.

On security issues I couldn't really find anything definitive. Some mention of passwords, but samba is often used in the same way.

I think it's important to realise that the objective here is not to share but to provide access to a network disc of one sort or another. Samba is for sharing and as a consequence has several knock-on effects from a user's point of view. As such I feel that an uncrippled version should form a part of a distribution for those people that wish to use it. As things stand it seems that a user must compile a version themselves. My only security concern was that I couldn't change the access rights of the mapped folder.

Out of interest, while using samba and everything set up for nfs, all transfers used cifs. This was down to me missing an important aspect of enabling nfs on my nas - the checkbox doesn't do anything until the code has been installed.

Samba from a diskless workstation point of view, which in many ways is very similar to using a nas, has some side issues. Sharing when sharing isn't wanted, though shares can be maintained independently on a nas. Slower boots due to server searches. Slow loading of directory structures on the disk being accessed. And inability to use the link via some applications. Mount-cifs on the other hand is completely transparent in all respects. NAS's are rapidly becoming rather popular and really ought to be catered for without the involvement of samba, as wonderful and cumbersome as it is.

It's also interesting to note that windoze seems to have the same problems as samba. Wonder how long that will last. I haven't tried 7 yet. One infuriating aspect is that all nas's seem to run linux!
https://bugzilla.novell.com/show_bug.cgi?id=698288#c4

john woodhouse <a.johnw@yahoo.com> changed:

What       |Removed |Added
----------------------------------------------------------------------------
Status     |CLOSED  |REOPENED
Resolution |WONTFIX |

--- Comment #4 from john woodhouse <a.johnw@yahoo.com> 2011-06-17 19:27:11 UTC ---

Reopened in hope as per above.
https://bugzilla.novell.com/show_bug.cgi?id=698288#c6

Suresh Jayaraman <sjayaraman@novell.com> changed:

What         |Removed |Added
----------------------------------------------------------------------------
Status       |NEW     |NEEDINFO
InfoProvider |        |a.johnw@yahoo.com

--- Comment #6 from Suresh Jayaraman <sjayaraman@novell.com> 2011-07-12 11:36:34 UTC ---

What is the version of cifs-utils you are running on 11.4? If you are using an older version of cifs-utils from 11.2 or the one that originally shipped with 11.4, you have to update the package to the most recent version. The recent cifs-utils updates enabled setuid for mount.cifs.

Please update the package and report whether it fixed the issue for you.
https://bugzilla.novell.com/show_bug.cgi?id=698288#c7

--- Comment #7 from Suresh Jayaraman <sjayaraman@novell.com> 2011-07-21 09:10:35 UTC ---

Any updates? Do you still have a problem with the latest version of cifs-utils?
https://bugzilla.novell.com/show_bug.cgi?id=698288#c8

--- Comment #8 from john woodhouse <a.johnw@yahoo.com> 2011-07-22 08:45:46 UTC ---

I'm away at the moment. On the comment - the cifs mount and unmount extracted from the 11.2 rpm work fine on 11.4. No problems at all. On and off I have been trying to run them from a desktop icon - click - password - opens in dolphin and hopefully offers the opportunity to unmount when closed. C++ isn't my field however :-) so progress is slow.

I will try extracting the new ones late next week. Sorry for the delay.
https://bugzilla.novell.com/show_bug.cgi?id=698288#c9

Suresh Jayaraman <sjayaraman@novell.com> changed:

What         |Removed           |Added
----------------------------------------------------------------------------
Status       |NEEDINFO          |RESOLVED
InfoProvider |a.johnw@yahoo.com |
Resolution   |                  |FIXED

--- Comment #9 from Suresh Jayaraman <sjayaraman@novell.com> 2011-07-22 11:57:17 UTC ---

I verified that it is possible to setuid mount.cifs and use it with updated 11.4 (cifs-utils-4.6 and above). So, please update cifs-utils and setuid mount.cifs (as you need it) and use it to allow a user to mount CIFS shares.

I'll close this bug.
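
The permission layout discussed in Comment #1 and Comment #9 (mount.cifs setuid, owned by root, usable only by members of one group) can be audited with a short script. This is an added example, not part of the bug thread or of cifs-utils; the group name nas1 is the example name from Comment #1, and the mode/owner/group triples in the loop are constructed sample values.

```shell
#!/bin/sh
# Added example: check a setuid mount helper against the layout in Comment #1.

# evaluate_helper MODE OWNER GROUP WANT_OWNER WANT_GROUP
# MODE is octal as printed by `stat -c %a`. Prints findings and returns 0 when
# the helper is not setuid at all, or is setuid and restricted; 1 otherwise.
evaluate_helper() {
    mode=$1 owner=$2 group=$3 want_owner=$4 want_group=$5
    rc=0
    if [ $(( 0$mode & 04000 )) -eq 0 ]; then
        echo "ok: mode $mode is not setuid, only root can mount with it"
        return 0
    fi
    if [ "$owner" != "$want_owner" ]; then
        echo "finding: setuid binary owned by $owner, expected $want_owner"; rc=1
    fi
    if [ "$group" != "$want_group" ]; then
        echo "finding: group is $group, expected $want_group"; rc=1
    fi
    if [ $(( 0$mode & 0001 )) -ne 0 ]; then
        echo "finding: mode $mode lets users outside $want_group run it"; rc=1
    fi
    if [ $(( 0$mode & 0022 )) -ne 0 ]; then
        echo "finding: mode $mode lets non-owners modify a setuid binary"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "ok: mode $mode is setuid, restricted to group $want_group"
    fi
    return "$rc"
}

# audit_helper PATH WANT_OWNER WANT_GROUP
# Reads the real file with GNU stat: %a octal mode, %U owner, %G group.
audit_helper() {
    [ -f "$1" ] || { echo "missing: $1"; return 2; }
    evaluate_helper $(stat -c '%a %U %G' "$1") "$2" "$3"
}

# Constructed samples: not setuid, the Comment #1 layout, and a setuid
# helper that every local user can execute.
for sample in "755 root root" "4750 root nas1" "4755 root root"; do
    evaluate_helper $sample root nas1 || true
done
```

On a real system, call `audit_helper` with the installed path of mount.cifs, which depends on the distribution and is not stated in the thread.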