On Sat, Apr 28, 2012 at 7:02 AM, Jeff Layton <jlayton@xxxxxxxxx> wrote: > On Sat, 28 Apr 2012 14:42:35 +0400 > Pavel Shilovsky <piastryyy@xxxxxxxxx> wrote: > >> Hi! >> >> Now CIFS client doesn't enforce uid and gid permission from the >> process that create file by default (new files are created with mount >> user permission) and it can be 'fixed' by setuids/setgids mount >> option. Why this options should not be by default? I think it >> contradict POSIX. >> > > Welcome to the morass that we call "the cifs.ko permissions model". > > The reason we don't do that by default is because it doesn't work. What > happens is that the client does a unix SetPathInfo call to try and > chown the file, but in order to chown() a file on unix, you need > superuser permissions. > > Once the session setup is done, the server daemon will usually setuid() > itself to the user you're mounting as, and at that point you don't have > permissions to chown anymore. > > What "setuids" also does is to "fake up" the ownership of the inode > temporarily just after creation. That's just a hack though -- as soon as > the attributes are fetched from the server again, that goes away, so > results with that are inconsistent. > > Ha, and it looks like "setuids" is broken when you create files in > cifs_lookup anyway! Maybe someone should fix that sometime... > > In any case, I maintain that the only *real* fix for all of these > permissions problems is to both: > > 1) have users use the correct credentials when they talk to the server. > Files get created with the correct ownership this way. > > 2) stop trying to enforce permissions on the client. It's racy and just > gets in the way. Permissions can only be correctly enforced by the > server. > > This is what the "multiuser" mount option does. If anything, I'd rather > see a transition to that being the default. It's the only sane > solution, IMO. I think moving to multiuser as default for SMB2 mounts, for example, would be logical (and probably cifsacl as well, and of course noperm checking on the client) - not sure we want to change the cifs mount defaults quickly but makes sense for smb2 (and reduces complexity). -- Thanks, Steve -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
