Hi Roger

There are two sets of permissions, there are also two users involved.

1. The local permissions of the local user (assigned at mount time).
2. The remote permissions of the remote user you use to log in on the file server.

And additionally the restrictions you have set in the Samba server.

The local permissions are handled locally. Stop
The remote permissions are handled remotely. Stop
The lesser privs win!

Success,
Hans

On 19/03/10 16:31, Roger Oberholtzer wrote:
I have no problems mounting cifs file systems and assigning ownership to the files to some user (via mount command parameters). I am now hoping to set up something a bit more complex and am unsure how best to proceed.
I have an openSUSE 11.2 system that authenticates users via an MS Active Directory. This works fine. Users log in and a home is created on the fly. It literally has a life of its own. Which is great.
In this setup, there are a number of shared drives that all users attach to on their Windows PCs. They want the same capability when they log in on Linux. The drives are the same for all users. The permissions for reading and writing are maintained in the AD based on the user. And there is the problem: on a Windows PC, only one person is usually logged in and thus gets the correct permissions on that PC. On the Linux box, perhaps more than one person will log in at a time. How to sort out the cifs file system permissions?
I am guessing that such sharing is not really part of the cifs client mount capabilities.
So, I have been considering doing the following. All the AD logins are in the Linux 'users' group. If I set the default file permissions so that the group has the permissions I am after, the members of the group should be able to play nice together. The limitations I see are:
1. no one gets more permissions than the user cifs used to mount the file system, independent of their AD permissions.
2. some users who might not have permissions in the AD will get them if the user cifs used when mounting the file system had those extra permissions.
Is there perhaps a more obvious way that I have not figured out? Like mounting these cifs file systems multiple times, one for each user, using their AD authentication? I really want these to be mounted automatically when the user logs in. The password for the remote cifs will be the same as the one they logged in with (as they were authenticated in that AD), but I am guessing they will have to enter it again for the mounting, right? I usually see autofs mentioned in these parts. How does that deal with the authentication?
I think this is the last major part of the puzzle for me using AD with Linux.
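An added example, not part of either message: a small Python model of the shared-mount setup discussed in this thread, applying the "lesser privs win" rule and reporting the two limitations Roger lists (rights gained or lost relative to each user's own AD permissions). The account names, permission sets and the `audit_shared_mount` helper are constructed for illustration, and the local check assumes the usual owner/group/other mode test on the client.

```python
# Constructed model of one cifs share mounted once with a single credential.
# All names and permission sets below are hypothetical sample data.

def local_bits(user, groups, mount_uid, mount_gid, file_mode):
    """Client-side Unix check: owner triplet, else group, else other."""
    if user == mount_uid:
        triplet = (file_mode >> 6) & 7
    elif mount_gid in groups:
        triplet = (file_mode >> 3) & 7
    else:
        triplet = file_mode & 7
    return {p for p, bit in (("r", 4), ("w", 2)) if triplet & bit}

def audit_shared_mount(users, ad_perms, mount_user, mount_uid, mount_gid, file_mode):
    """Effective access per local user = local mode bits AND the rights of
    the account used to mount (the server only ever sees that account)."""
    remote = ad_perms[mount_user]
    report = {}
    for name, groups in users.items():
        effective = local_bits(name, groups, mount_uid, mount_gid, file_mode) & remote
        own = ad_perms.get(name, set())
        report[name] = {
            "effective": effective,
            "gained": effective - own,  # limitation 2: more than AD allows
            "lost": own - effective,    # limitation 1: capped by the mount
        }
    return report

# Constructed sample: every AD login is in the local 'users' group except dave.
USERS = {"alice": {"users"}, "bob": {"users"}, "carol": {"users"}, "dave": set()}
AD_PERMS = {"svc_mount": {"r", "w"}, "alice": {"r", "w"},
            "bob": {"r"}, "carol": set(), "dave": {"r"}}

if __name__ == "__main__":
    result = audit_shared_mount(USERS, AD_PERMS, "svc_mount", "root", "users", 0o660)
    for name, row in result.items():
        print(name, row)
```

Any non-empty `gained` set is access the file server would have refused had the user connected with their own AD credentials.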