Remote mount permission question

E K ekg_ab-FFYn/CNdgSA at public.gmane.org
Tue May 27 13:42:16 UTC 2008


I was mounting it as Samba using
   smbmount <share> <mount point> -o credentials=smbcred

in my ~/.profile file. It appears that the mount is executed by root
and the shares are mounted by root. All the files that I create on the
remote server are owned by root and yet the group is my group on the
server.

Cheers,

EK




--- Tyler Aviss <tjaviss-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:

> Are you mounting it as Samba or CIFS?
> 
> As for NFS, the permissions are based on how the remote UID's map to
> the local ones. It's actually fairly insecure in that way (it assumes
> that a machine on a permitted segment is supposed to be there). So if
> you're root on the local machine, then you'll be root on the remote
> machine as well unless no_root_squash is set under the share
> (/etc/exports).
> 
> CIFS seems to work like NFS. When I used it, I expected to inherit
> the permissions of the user I was connecting as, but CIFS pulled
> through actual ownership/permissions info on the share+files.
> If you're using something like SMB4k to browse the shares, check if
> it's set to use samba or CIFS. SMB on the other hand, just acts as
> whatever user you connected as.
> 
> 
> Does that help, or am I misunderstanding the problem?
> 
> 
> 
> 
> On Mon, May 26, 2008 at 12:45 PM, E K <ekg_ab-FFYn/CNdgSA at public.gmane.org> wrote:
> > Hi all,
> >
> > Suppose I mounted a samba or NFS share as root on my local machine
> > (as root) and the share is owned by user dj group dj who is an
> > ordinary user on the server. Let there be a subdirectory with
> > permission 700 under the share that I mounted. Logically, I should
> > not have access to that directory on the server (since the permission
> > on the server does not allow access to anyone but the owner.)
> >
> > However, what I have observed is that the local permission over-rides
> > the remote permission and since I mounted the share as root, I can do
> > whatever I want with that directory or any subdirectory of it. Isn't
> > that a huge security problem? Or am I missing something here?
> >
> >
> > EK
> >
> >
> >
> > --
> > The Toronto Linux Users Group.      Meetings: http://gtalug.org/
> > TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> > How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
> >
> 
> 
> 
> -- 
> Tyler Aviss
> Systems Support
> LPIC/LPIC-2
> (647) 302-0942
> 
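
The thread turns on how an NFS server treats a client's uid 0, which is set per export in /etc/exports. The following is an added example, not part of the original messages: a small audit that parses exports(5)-style text and reports, for each path and client, whether remote root is squashed. Per exports(5), root_squash is the default, no_root_squash disables it, and all_squash maps every uid to the anonymous user. The sample file, paths and host names are constructed, and quoted paths containing spaces are not handled.

```python
# Constructed sample in exports(5) syntax; paths and hosts are made up.
SAMPLE_EXPORTS = """\
# /etc/exports (constructed sample)
/srv/share   192.0.2.0/24(rw,sync)
/srv/backup  backup.example.org(rw,no_root_squash) \\
             192.0.2.50(ro)
/srv/pub     *(ro,all_squash)
/srv/www     -rw,no_root_squash web1.example.org web2.example.org(root_squash)
"""


def root_is_squashed(options):
    """True if uid 0 from the client is mapped to the anonymous user."""
    root_squash, all_squash = True, False        # exports(5) defaults
    for opt in options:                          # a later option wins
        if opt in ("root_squash", "no_root_squash"):
            root_squash = opt == "root_squash"
        elif opt in ("all_squash", "no_all_squash"):
            all_squash = opt == "all_squash"
    return root_squash or all_squash


def audit_exports(text):
    """Return [(path, client, root_squashed)] for every export entry."""
    findings = []
    logical = text.replace("\\\n", " ")          # join continuation lines
    for line in logical.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        if not fields:
            continue
        path, defaults = fields[0], []
        for spec in fields[1:]:
            if spec.startswith("-"):             # "-opt,opt": default options
                defaults = spec[1:].split(",")
                continue
            host, _, opts = spec.partition("(")
            opts = opts.rstrip(")")
            options = defaults + (opts.split(",") if opts else [])
            findings.append((path, host or "*", root_is_squashed(options)))
    return findings


def root_trusted(text):
    """Entries where a client's root keeps uid 0 on the server."""
    return [(p, c) for p, c, squashed in audit_exports(text) if not squashed]


if __name__ == "__main__":
    for path, client in root_trusted(SAMPLE_EXPORTS):
        print(f"{path}: root on {client} is root on the server")
```
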


