2010/4/22 Jeff Layton <jlayton@xxxxxxxxxx>:
> On Thu, 22 Apr 2010 16:56:55 +0200
> Stef Bon <stefbon@xxxxxxxxx> wrote:
>
>> 2010/4/21 Jeff Layton <jlayton@xxxxxxxxxx>:
>> > On Wed, 21 Apr 2010 16:16:26 +0200
>> > Stef Bon <stefbon@xxxxxxxxx> wrote:
>> >
>> >> I'm sorry but what is a multisession mount?
>> >>
>> >> Stef
>> for security reasons. Another user is not allowed to access my mounts
>> (not only to smb shares but every mount)
>>
>
> I'm sure your solution solves some problems, but I don't think it
> precludes this work. We have users of CIFS who do something similar
> today (albeit much more manually).
>
> There are certainly cases where someone has a shared directory that
> they need multiple users to access. Having to have a separate
> mountpoint for each of those users seems rather cumbersome, IMO.
>
> In either case, this is simply a different way to solve that issue.
> This solution will not preclude you from using CIFS in the way you wish
> (with a single set of credentials per mount).

Yes I understand. This is another way to provide data on the remote
server, but it's just so not my idea of mounting. But now when I read
and think further about this, I see that it's providing new
functionality I can understand.

>
>> But apart from that, I think all the data (files,permissions,..)
>> depend on the credentials provided. The server "decides"
>> what the client can see. Now you want to make the mountpoint present
>> all the different "views" in one?
>>
>
> CIFS does not cache readdir info, so the server will still decide what
> each user can "see" based on the credentials that call the FIND_FILE
> ops. In the event of a syscall against a dentry that's visible to one
> user but not another, a call will still go out over the wire before
> that syscall is satisfied. Therefore I don't think this patchset will
> allow information "leakage" to users that shouldn't have it

So in this situation the amount of mountpoints is never more than the
number of smb shares available in the network, and does not depend on
the number of users, which in my construction is.

>
>> I do not know this is possible. The client should maintain different
>> views (or sessions as you call it) and present the view to the user.
>> But what if a user which is not linked to any credentials on the
>> client accesses the mountpoint?
>>
>
> There are a couple of possibilities. In the current patchset, they'll
> get back an error when they try to access the mount -- -ENOKEY
> currently in most cases, but I will likely need to translate that to
> something that more syscalls will expect, such as -EACCES.
>
> As a future feature, it might be helpful to establish an anonymous
> session to the server and map users without credentials to that.

That's a sound idea.

Stef

>
> --
> Jeff Layton <jlayton@xxxxxxxxxx>
>