>> UID/GID mapping between client and server and permission control is a general security challenge for >> Network file systems. That's not specific to CIFS, NFS has similar problems. Global identities. Don't set up Samba (etc.) to create local ones. >> Yet aufofs has had the "-hosts" map for a long time. Should _only_ ever be used on admin hosts for admin tasks as it hard-wires physical locations into pathnames (one of the things which automount is able to remove). >> Depending on configuration, CIFS won't let you mount anything without credentials. You may have to be authorized >> just to see the list of shares. So are you saying that the example you were giving, to use multiuser on a cifs mount, was so that the mount could take place under the user's Kerberos credentials (which might work) rather than root's (who might not have them)? But that once the mount was in place each user's access would be under their own credentials (assuming they have them)? In which case I'd agree that this isn't a security issue. ________________________________ This e-mail was sent by GlaxoSmithKline Services Unlimited (registered in England and Wales No. 1047315), which is a member of the GlaxoSmithKline group of companies. The registered address of GlaxoSmithKline Services Unlimited is 980 Great West Road, Brentford, Middlesex TW8 9GS. -- To unsubscribe from this list: send the line "unsubscribe autofs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
