On Mon, 29 Aug 2011 20:11:13 -0500 Steve French <smfrench@xxxxxxxxx> wrote: > On Mon, Aug 29, 2011 at 7:29 PM, Jeff Layton <jlayton@xxxxxxxxx> wrote: > > On Mon, 29 Aug 2011 16:24:33 -0500 > > Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx> wrote: > > > >> On Tue, Aug 23, 2011 at 8:15 AM, Jeff Layton <jlayton@xxxxxxxxx> wrote: > >> > On Mon, 22 Aug 2011 08:33:49 -0500 > >> > Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx> wrote: > >> > > >> >> On Fri, Aug 12, 2011 at 11:33 AM, <shirishpargaonkar@xxxxxxxxx> wrote: > >> >> > From: Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx> > >> >> > > >> >> > > >> >> > Add mount option backup. > >> >> > > >> >> > It allows an authenticated user to access files with the intent to back them > >> >> > up including their ACLs, who may not have access permission but has > >> >> > "Backup files and directories user right" on them (by virtue of being part > >> >> > of the built-in group Backup Operators. > >> >> > > >> >> > If an authenticated user is not part of the built-in group Backup Operators > >> >> > at the server, access to such files is denied. > >> >> > > >> >> > > >> >> > Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx> > >> >> > --- > >> >> > >> >> > >> >> Jeff, Steve, > >> >> > >> >> Any comments on this patch (and manpage patch in cifs-utils)? > >> >> > >> > > >> > This seems like a really nasty kludge. It doesn't seem like the > >> > implications of this have been carefully considered. > >> > > >> > What happens I mount with the "backup" flag and do not have the > >> > necessary permissions on the server to use the flag in an open? Will > >> > this new flag be mutually exclusive with "multiuser"? > >> > > >> > One idea that might be better is to come up with way to mark certain > >> > (unix) users with the appropriate flag. If all the backup users were in > >> > a certan group, for instance, then you could use that info to decide > >> > whether to set the flag in the open calls. > >> > > >> > -- > >> > Jeff Layton <jlayton@xxxxxxxxx> > >> > > >> > >> Jeff, one comment, it is not the (unix) user that matters, it is the > >> user on the server (authenticated) user at the server because the > >> user right to access a file in backup mode can be granted only > >> to a user at the server. > >> > > > > Right, I realize that. > > > >> I think care should be taken to make sure that backup and > >> multiuser are mutually exclusive mount options in mount.cifs. > >> > > > > My objection here is more fundamental... > > > > This patchset lends itself to a single, specific use. You can create a > > mount that you want to use for backups. Typically, when running backups > > like this you also intend for this mount to be used by only one (unix) > > user. > > > > Adding a "backup" option is tantamount to adding extra privileges to > > this mount for anyone who accesses it. However, it's not clear to me > > how these extra privileges will be secured from other users that don't > > necessarily need them. > > > > It seems to me that it would be far more useful to find a way to only > > add these extra "backup" permissions for certain unix users that are > > accessing the mount. > > > > Does that make sense? > > I don't object to defaulting backup mounts to mode 0700 if that is what > you are suggesting ...? > That's not at all what I'm suggesting. What if unix extensions are in force? Relying on local permissions enforcement to prevent access to the mount is always very problematic. -- Jeff Layton <jlayton@xxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
