Re: [PATCH] cifs: on multiuser mount, set ownership to current_fsuid/current_fsgid (try #5)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, Oct 8, 2010 at 6:11 AM, Jeff Layton <jlayton@xxxxxxxxxx> wrote:
> On Thu, 7 Oct 2010 22:25:23 -0500
> Steve French <smfrench@xxxxxxxxx> wrote:
>
>> One case does seem strange - I forgot what happens when you specify a
>> mnt_uid of 0 (root)
>>
>
> Oof, you're right... we should base this on CIFS_MOUNT_OVERR_UID and
> CIFS_MOUNT_OVERR_GID flags instead. I'll send a fixed patch once I've
> tested it.
>
> Now that I think about this though, maybe we shouldn't do this based on
> CIFS_MOUNT_MULTIUSER but instead on CIFS_MOUNT_NO_PERM? It would mean
> a behavior change for anyone currently "-o noperm" on a mount without
> unix extensions but I think it would make a bit more sense than special
> casing CIFS_MOUNT_MULTIUSER here.

When the MOUNT_NO_PERM is not set (ie where both client and server
evaluate permissions) I agree that it doesn't make sense to change
uids on the fly (to current_fsuid) since it becomes almost meaningless
to set and evaluate a mode if we are always owner.   For the case
where you MOUNT_NO_PERM, I lean toward the following heirarchy:

1) report the uid owner that the admin tells us to report.  In some
cases admins won't know what they are doing, and won't know when to
set a uid on mount, but if we want to help the admin decide whether to
override it or not, we could do the warnings in the user space
helpers.

... if no uid specified on mount then:

2) report the "correct" uid if we can
    - if the unix extensions are on (eventually we can do the
"WHO_AM_I" cifs unix extension call and/or use the domain name of the
server and/or winbind upcall as hints to see if we are not in the same
uid namespace).
   - when we have an upcall to winbind or uid mapping info, we can do
this for Windows servers as well

... if no uid specified on mount and we don't know the right uids

3) report a "default uid"
    - for the noperm multiuser case we could report the current user,
seems reasonable
   - for the case where it is noperm but not multiuser, we are sending
the mount users credentials on every operation, so new files will be
created as that user - probably better to still report the user who
did the mount as owner since those are the credentials used
    - otherwise whoever did the mount is the default user

-- 
Thanks,

Steve
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux