David C. Rankin wrote:
James D. Parra wrote:
-----Original Message-----
From: David C. Rankin [mailto:drankinatty@suddenlinkmail.com]

WARNING, WARNING, the use of ,noperm will give root access to all cifs mounted shares mounted with the ,noperm options. A stray chmod -R or the like above the mount point will work all the way down the mounted client as well...
Thanks David. So what is a better way to mount with cifs, instead of resorting back to smbfs? Use noacl and not noperm?
Best regards,
~James
James,
That is an excellent question, to which I'll give a very straightforward answer. "I don't know." Since all I have to worry about is Windows users, that question doesn't hit me from a user perspective. Of course, I use cifs extensively for myself, but I do use the ,noperm. That's how I found out that a stray recursive command above the mount point can really screw up the entire mounted drive.

I just use brief scripts to mount drives and use .bashrc to do it. There is no reason you couldn't have them execute on user login. The script I use is:
#!/bin/bash
# Mount point to check
device="/mnt/nirvana-cfg"
# Mount the share only if it is not already mounted
if mount | grep -q "on ${device} type"; then
    echo "${device} already mounted"
else
    mount.cifs //nirvana/config /mnt/nirvana-cfg/ -o username=david,uid=1000,password=yourpassword,noperm
fi
<script snipped>
You can remove the noperm and still get access that provides better protection against an accidental stray command. Fortunately, that is as far as I have had to dive into the mess.
Firstly, personally I would not explicitly place the credentials on the mount (or mount.cifs) command line. Below is something I use that has worked for me so far without any Samba-related problems, which may give some ideas. (BTW this is part of a rather longer batch script that does a few mounts and other things, which is why there is an error count and the mount command parameters are defined in variables and are exported.)

export CIFMOUNT="-t cifs -o credentials=${HOME}/gtslog,uid=${USER},gid=users,setuids,rw"
export CIFSERVER="//GTSDual.gtshome/"
if mount ${CIFMOUNT} ${CIFSERVER}homes ${HOME}/GTSDual
then
    echo 'mount GTSDual OK'
    echo '================'
else
    echo 'mount GTSDual failed'
    echo "++++++++++++++++++++ Fail Count: $((++CONFAIL))"
fi

Something similar could be introduced as part of a user's initial login sequence....

This should be OK if the uid and gid are synchronised and the Samba resource supports CIFS Extended Unix extensions (and you sort out one way or another mount's security requirements). In an ideal world one should not be in the position that *NIX uids and gids are not synchronised if it was originally intended to deploy networked resources (unfortunately it is not an ideal world, and in the M$ world the opposite is the case and SID references are preferred to be different on each workstation).

--
I have always wished that my computer would be as easy to use as my telephone. My wish has come true. I no longer know how to use my telephone.
Bjarne Stroustrup
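
An added example, not part of any poster's message: a small POSIX shell audit for the two habits this thread warns about, the noperm option and a password written into the mount options, plus a permission check on any credentials= file. The function name, finding labels and sample entries are constructed for illustration; pass= and cred= are the short option forms mount.cifs accepts.

```shell
#!/bin/sh
# Added example (not from the thread): flag risky options on CIFS entries.
# Input is fstab-format text, which is also the layout of /proc/mounts.

# Constructed sample: the first entry mirrors the options of the first script
# in the thread, the second the credentials-file approach of the last reply.
SAMPLE_FSTAB='# constructed sample
//nirvana/config /mnt/nirvana-cfg cifs username=david,uid=1000,password=yourpassword,noperm 0 0
//GTSDual.gtshome/homes /home/user/GTSDual cifs credentials=/nonexistent/gtslog,gid=users,rw 0 0
/dev/sda1 / ext4 defaults 0 1'

# audit_cifs: read entries on stdin, print one finding per line,
# return 0 when nothing was flagged and 1 otherwise.
audit_cifs() {
    findings=0
    while read -r dev mnt fstype opts _rest; do
        case "$dev" in ''|'#'*) continue ;; esac   # blank line or comment
        [ "$fstype" = "cifs" ] || continue
        old_ifs=$IFS; IFS=','; set -f               # split on commas, no globbing
        for opt in $opts; do
            case "$opt" in
                noperm)
                    echo "NOPERM $mnt: client-side permission checks are disabled"
                    findings=$((findings + 1)) ;;
                password=*|pass=*)
                    echo "INLINE_PASSWORD $mnt: move the secret to a credentials= file"
                    findings=$((findings + 1)) ;;
                credentials=*|cred=*)
                    file=${opt#*=}
                    # Columns 5-10 of the ls mode string are the group/other bits.
                    if [ -f "$file" ] &&
                       [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
                        echo "CRED_FILE_MODE $mnt: $file is accessible beyond its owner"
                        findings=$((findings + 1))
                    fi ;;
            esac
        done
        IFS=$old_ifs; set +f
    done
    [ "$findings" -eq 0 ]
}

# Audit the sample; on a real host: audit_cifs < /etc/fstab
printf '%s\n' "$SAMPLE_FSTAB" | audit_cifs || echo "findings reported above"
```

The kernel does not echo the password back in /proc/mounts, so the inline-password check is mainly useful against /etc/fstab and mount scripts converted to that layout.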