This is a really good question and I think they should be allowed together. looking at cifs_sb_tlink in some detail, and also thinking about common scenarios and how to make them less confusing to the user I think they need to be supported together (optionally). As an example: Imagine a scenario in which two users access the same Linux client machine, and the machine is joined to the domain (and they login via sssd or winbind to Active Directory or equivalent). These users would want to be able access the server with the correct permissions for the particular user they are running as at the moment in a particular app, a particular process, on Linux. So as an example: ssh in to the client as kerberos admin_user@domain su root mount -t cifs //server/share /mnt -o sec=krb5,mfsymlinks,noperm,mutliuser,cruid=admin_user <any access to the mount as either root or the admin_user on the Linux client gets the expected permissions of "admin_user@domain") then in different session ssh in to the client as kerberos some_non_admin_user@domain <any access to the user from processes running as "some_non_admin_user" gets the expected permissions because with multiuser we automatically setup a session for him> If we didn't support cruid and mutliuser together then the user would have had to do an extra step, he would have to do a confusing kinit before doing the mount (which was unneeded since he could specify cruid on mount) On Thu, Jan 16, 2020 at 11:57 AM Jacob Shivers <jshivers@xxxxxxxxxx> wrote: > > When mounting a Kerberized SMB share with both cruid and multiuser, > the multiuser mount option is negated. This is not documented as > explicit behavior. The question is whether this intended behavior or > if it is unexpected. > > Does anyone have any existing thoughts on this? > -- Thanks, Steve
