Remote mount permission question

Tyler Aviss tjaviss-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Mon May 26 18:24:47 UTC 2008


Are you mounting it as Samba or CIFS?

As for NFS, the permissions are based on how the remote UIDs map to
the local ones. It's actually fairly insecure in that way (it assumes
that a machine on a permitted segment is supposed to be there). So if
you're root on the local machine, then you'll be root on the remote
machine as well unless no_root_squash is set under the share
(/etc/exports).

CIFS seems to work like NFS. When I used it, I expected to inherit
the permissions of the user I was connecting as, but CIFS pulled
through actual ownership/permissions info on the share+files.
If you're using something like SMB4k to browse the shares, check if
it's set to use samba or CIFS. SMB, on the other hand, just acts as
whatever user you connected as.


Does that help, or am I misunderstanding the problem?




On Mon, May 26, 2008 at 12:45 PM, E K <ekg_ab-FFYn/CNdgSA at public.gmane.org> wrote:
> Hi all,
>
> Suppose I mounted a samba or NFS share as root on my local machine
> (as root) and the share is owned by user dj group dj who is an
> ordinary user on the server. Let there be a subdirectory with
> permission 700 under the share that I mounted. Logically, I should
> not have access to that directory on the server (since the permission
> on the server does not allow access to anyone but the owner.)
>
> However, what I have observed is that the local permission over-rides
> the remote permission and since I mounted the share as root, I can do
> whatever I want with that directory or any subdirectory of it. Isn't
> that a huge security problem? Or am I missing something here?
>
>
> EK
>
>
>
> --
> The Toronto Linux Users Group.      Meetings: http://gtalug.org/
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
>



-- 
Tyler Aviss
Systems Support
LPIC/LPIC-2
(647) 302-0942
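
Added example (not part of the original message): a small Python audit of /etc/exports-style text that reports, per export and client, whether root is left unsquashed and whether the server takes the client's word for UIDs, which is the trust model discussed in this thread. The sample exports content and the name audit_exports are constructed for illustration; it assumes the Linux exports(5) behaviour that root_squash and sec=sys apply when nothing else is given.

```python
import re

# Constructed sample /etc/exports content (not from the original post).
SAMPLE_EXPORTS = """\
# path        client(options)
/srv/dj       192.168.1.0/24(rw,sync)
/srv/backup   admin.example.org(rw,no_root_squash) *(ro)
/srv/scratch  10.0.0.5(rw,all_squash,anonuid=65534) \\
              10.0.0.6(rw,sec=krb5p)
"""

# One "client(opt,opt,...)" token; the option list is optional.
CLIENT_RE = re.compile(r"^([^()]*)(?:\(([^()]*)\))?$")


def audit_exports(text):
    """Return [(path, client, findings)] for each export/client pair.

    Handles comments, backslash continuations and client(options) tokens.
    Default-option groups (-opt,...) and quoted paths are not handled.
    """
    results = []
    for line in text.replace("\\\n", " ").splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients:
            m = CLIENT_RE.match(spec)
            if not m:
                continue
            client = m.group(1) or "*"  # bare "(opts)" applies to any host
            opts = set(filter(None, (m.group(2) or "").split(",")))
            findings = []
            # Client-side root keeps UID 0 on the server for this export.
            if "no_root_squash" in opts:
                findings.append("no_root_squash")
            # With sec=sys (the default) the server trusts the UID the
            # client sends; all_squash maps every UID to the anonymous one.
            sec = next((o[4:] for o in opts if o.startswith("sec=")), "sys")
            if "sys" in sec.split(":") and "all_squash" not in opts:
                findings.append("trusts_client_uids")
            if client == "*":
                findings.append("any_host")
            results.append((path, client, findings))
    return results


if __name__ == "__main__":
    for path, client, findings in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:14} {client:20} {', '.join(findings) or 'ok'}")
```
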