From: Martin Wilck <martin.wilck@ts.fujitsu.com>
To: Gordon Lack <gordon.m.lack@gsk.com>,
"autofs@vger.kernel.org" <autofs@vger.kernel.org>
Subject: Re: [PATCH 00/25] Current autofs patch queue
Date: Mon, 02 Sep 2013 14:17:23 +0200 [thread overview]
Message-ID: <522481D3.4@ts.fujitsu.com> (raw)
In-Reply-To: <DE458807B28C664184FA0C63B022162801D049A6@019-AM1MPN1-043.019D.MGD.MSFT.NET>
On 09/02/2013 01:13 PM, Gordon Lack wrote:
>>> I'm not sure what you mean.
>
> Just that I've not seen it, so thanks for the example.
>
>>> Users can create user-specific CIFS mounts today with "sudo mount -t cifs -o sec=krb5,cruid=$UID,...".
>>> The intention of my patch is just to enable autofs to create such mounts.
>
> But that leaves the mount permission dependent on who make the first call.
True. But that holds in the manual "mount -t cifs ..." case as well.
>>> P.S.: You are correct that there is an issue with autofs caching the list of mount points if the
>>> list of mountable shares returned by a server depends on the credentials provided. AFAICS that can
>>> be fixed by configuring the such that all users can see the same shares (but not necessarily
>>> access/mount them all).
>
> And once you've done that the UID that needs to be used for each of these mounts is mount-specific,
> not "who caused the mount"-specific. Which is why I see a problem with it.
Do you have security concerns, or is it just that you don't consider it
useful? I can just say that I find it very useful working on a Linux
workstation in an AD-dominated environment. It's much more practical
than using any of the "Network Browsing" utilities provided by GNOME and
the like. Just my personal opinion.
I admit I have been using it mostly on my workstation, where I am the
only user.
Martin
>
>
>
> ________________________________
>
> This e-mail was sent by GlaxoSmithKline Services Unlimited
> (registered in England and Wales No. 1047315), which is a
> member of the GlaxoSmithKline group of companies. The
> registered address of GlaxoSmithKline Services Unlimited
> is 980 Great West Road, Brentford, Middlesex TW8 9GS.
>
--
Dr. Martin Wilck
PRIMERGY System Software Engineer
x86 Server Engineering
FUJITSU
Fujitsu Technology Solutions GmbH
Heinz-Nixdorf-Ring 1
33106 Paderborn, Germany
Phone: ++49 5251 525 2796
Fax: ++49 5251 525 2820
Email: martin.wilck@ts.fujitsu.com
Internet: http://ts.fujitsu.com
Company Details: http://ts.fujitsu.com/imprint
next prev parent reply other threads:[~2013-09-02 12:17 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-19 1:11 [PATCH 00/25] Current autofs patch queue Ian Kent
2013-08-19 1:11 ` [PATCH 01/25] autofs-5.0.7 - don't override LDFLAGS in make rules Ian Kent
2013-08-19 1:12 ` [PATCH 02/25] autofs-5.0.7 - fix a couple of compiler warnings Ian Kent
2013-08-19 1:12 ` [PATCH 03/25] autofs-5.0.7 - add after sssd dependency to unit file Ian Kent
2013-08-19 1:12 ` [PATCH 04/25] autofs-5.0.7 - dont start readmap unless ready Ian Kent
2013-08-19 1:12 ` [PATCH 05/25] autofs-5.0.7 - fix crash due to thread unsafe use of libldap Ian Kent
2013-08-19 1:12 ` [PATCH 06/25] autofs-5.0.7 - fix compile error with heimdal support enabled Ian Kent
2013-08-20 3:36 ` Dennis Lan (dlan)
2013-08-20 7:34 ` Ian Kent
2013-08-19 1:12 ` [PATCH 07/25] autofs-5.0.7 - fix typo forced-shutdown should be force-shutdown Ian Kent
2013-08-19 1:12 ` [PATCH 08/25] autofs-5.0.7 - fix hesiod check error and use correct $(LIBS) setting Ian Kent
2013-08-19 1:12 ` [PATCH 09/25] autofs-5.0.7 - fix dead LDAP symbolic link when LDAP support is disabled Ian Kent
2013-08-19 1:13 ` [PATCH 10/25] autofs-5.0.7 - add missing libtirpc lib to mount_nfs.so when TIRPC enabled Ian Kent
2013-08-19 1:13 ` [PATCH 11/25] autofs-5.0.7 - use compiler determined by configure instead of hard-coded ones Ian Kent
2013-08-19 1:13 ` [PATCH 12/25] autofs-5.0.7 - remove hard-coded STRIP variable Ian Kent
2013-08-19 1:13 ` [PATCH 13/25] autofs-5.0.7 - use LIBS for link libraries Ian Kent
2013-08-19 1:13 ` [PATCH 14/25] autofs-5.0.7 - unbundle NOTSTRIP from DEBUG so they dont depend on each other Ian Kent
2013-08-19 1:13 ` [PATCH 15/25] autofs-5.0.7 - fix occasional build error when enable parallel compiling Ian Kent
2013-08-19 1:13 ` [PATCH 16/25] autofs-5.0.7 - fix compilation of lookup_ldap.c without sasl Ian Kent
2013-08-19 1:13 ` [PATCH 17/25] autofs-5.0.7 - fix dumpmaps multi output Ian Kent
2013-08-19 1:13 ` [PATCH 18/25] autofs-5.0.7 - try and cleanup after dumpmaps Ian Kent
2013-08-19 1:14 ` [PATCH 19/25] autofs-5.0.7 - teach dumpmaps to output simple key value pairs Ian Kent
2013-08-19 1:14 ` [PATCH 20/25] autofs-5.0.7 - fix syncronize handle_mounts() shutdown Ian Kent
2013-08-19 1:14 ` [PATCH 21/25] autofs-5.0.7 - fix fix wildcard multi map regression Ian Kent
2013-08-19 1:14 ` [PATCH 22/25] autofs-5.0.7 - improve timeout option description Ian Kent
2013-08-19 1:14 ` [PATCH 23/25] autofs-5.0.7 - only probe specific nfs version when requested Ian Kent
2013-08-19 1:14 ` [PATCH 24/25] autofs-5.0.7 - fix bad mkdir permission on create Ian Kent
2013-08-19 2:13 ` Ian Kent
2013-08-19 1:14 ` [PATCH 25/25] autofs-5.0.7 - setup program map env from macro table Ian Kent
2013-08-19 5:30 ` [PATCH 00/25] Current autofs patch queue Dennis Lan (dlan)
2013-08-20 2:55 ` Ian Kent
2013-08-20 4:52 ` Dennis Lan (dlan)
2013-09-02 10:34 ` Martin Wilck
2013-09-02 10:41 ` Gordon Lack
2013-09-02 11:04 ` Martin Wilck
2013-09-02 11:13 ` Gordon Lack
2013-09-02 12:17 ` Martin Wilck [this message]
2013-09-02 12:55 ` Gordon Lack
2013-09-02 13:15 ` Martin Wilck
2013-09-02 13:41 ` Gordon Lack
2013-09-02 14:11 ` Martin Wilck
2013-09-02 14:20 ` Gordon Lack
2013-09-02 14:49 ` Martin Wilck
2013-09-02 15:08 ` Gordon Lack
2013-09-02 15:23 ` Martin Wilck
2013-09-02 15:36 ` Gordon Lack
2013-09-06 8:11 ` Ian Kent
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=522481D3.4@ts.fujitsu.com \
--to=martin.wilck@ts.fujitsu.com \
--cc=autofs@vger.kernel.org \
--cc=gordon.m.lack@gsk.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.