From: Martin Wilck <martin.wilck@ts.fujitsu.com>
To: Gordon Lack <gordon.m.lack@gsk.com>
Cc: "autofs@vger.kernel.org" <autofs@vger.kernel.org>
Subject: Re: [PATCH 00/25] Current autofs patch queue
Date: Mon, 02 Sep 2013 15:15:48 +0200 [thread overview]
Message-ID: <52248F84.2070704@ts.fujitsu.com> (raw)
In-Reply-To: <DE458807B28C664184FA0C63B022162801D04A42@019-AM1MPN1-043.019D.MGD.MSFT.NET>
On 09/02/2013 02:55 PM, Gordon Lack wrote:
>>> But that leaves the mount permission dependent on who make the first call.
>
>> True. But that holds in the manual "mount -t cifs ..." case as well.
>
> The manual mount will be done by a specific individual who (hopefully) knows what they are doing.
>
> An automount can be done by a non-determined account and so have a non-determinate outcome once you put per-caller variables into the rule.
What my patch does is to run the map script under the UID of the user
requesting the mount, rather than root. That is actually an improvement
of the security situation, AFAICS.
>>> And once you've done that the UID that needs to be used for each of
>>> these mounts is mount-specific, not "who caused the mount"-specific. Which is why I see a problem with it.
>
>> Do you have security concerns, or is it just that you don't consider it useful?
>
> Both.
> Its presence would encourage its use.
> You will then find users who set it up for themselves and then get confused when another account has made the mount and access is wrong, but everything "looks" correct.
> Mind you - the security issue is about using cifs mounts on a system which has the potential for >1 concurrent user anyway.
Please check the "multiuser" option of mount.cifs ("With this option,
the client ... creates a new session with the server using the user's
credentials whenever a new user accesses the mount"). With that option,
I see no major difference between CIFS and NFS automounts,
security-wise. IMO combining autofs and "multiuser" is exactly the
desired behavior in an AD environment. It lets the server decide access
rights based on the credentials provided.
>> But I admit I have been using it mostly on my workstation, where I am the only user.
>
> So you can set-up the rules so that they contain just your id.
> And make sure you lock-out all other users once you have anything mounted.
I don't think that's necessary, see above.
Your arguments would apply equally well to users clicking on "Network
Environment" or similar in their GUI. It's a (sad) fact in life that
many of us have to work in Windows-dominated IT environments.
Martin
--
Dr. Martin Wilck
PRIMERGY System Software Engineer
x86 Server Engineering
FUJITSU
Fujitsu Technology Solutions GmbH
Heinz-Nixdorf-Ring 1
33106 Paderborn, Germany
Phone: ++49 5251 525 2796
Fax: ++49 5251 525 2820
Email: martin.wilck@ts.fujitsu.com
Internet: http://ts.fujitsu.com
Company Details: http://ts.fujitsu.com/imprint
next prev parent reply other threads:[~2013-09-02 13:15 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-19 1:11 [PATCH 00/25] Current autofs patch queue Ian Kent
2013-08-19 1:11 ` [PATCH 01/25] autofs-5.0.7 - don't override LDFLAGS in make rules Ian Kent
2013-08-19 1:12 ` [PATCH 02/25] autofs-5.0.7 - fix a couple of compiler warnings Ian Kent
2013-08-19 1:12 ` [PATCH 03/25] autofs-5.0.7 - add after sssd dependency to unit file Ian Kent
2013-08-19 1:12 ` [PATCH 04/25] autofs-5.0.7 - dont start readmap unless ready Ian Kent
2013-08-19 1:12 ` [PATCH 05/25] autofs-5.0.7 - fix crash due to thread unsafe use of libldap Ian Kent
2013-08-19 1:12 ` [PATCH 06/25] autofs-5.0.7 - fix compile error with heimdal support enabled Ian Kent
2013-08-20 3:36 ` Dennis Lan (dlan)
2013-08-20 7:34 ` Ian Kent
2013-08-19 1:12 ` [PATCH 07/25] autofs-5.0.7 - fix typo forced-shutdown should be force-shutdown Ian Kent
2013-08-19 1:12 ` [PATCH 08/25] autofs-5.0.7 - fix hesiod check error and use correct $(LIBS) setting Ian Kent
2013-08-19 1:12 ` [PATCH 09/25] autofs-5.0.7 - fix dead LDAP symbolic link when LDAP support is disabled Ian Kent
2013-08-19 1:13 ` [PATCH 10/25] autofs-5.0.7 - add missing libtirpc lib to mount_nfs.so when TIRPC enabled Ian Kent
2013-08-19 1:13 ` [PATCH 11/25] autofs-5.0.7 - use compiler determined by configure instead of hard-coded ones Ian Kent
2013-08-19 1:13 ` [PATCH 12/25] autofs-5.0.7 - remove hard-coded STRIP variable Ian Kent
2013-08-19 1:13 ` [PATCH 13/25] autofs-5.0.7 - use LIBS for link libraries Ian Kent
2013-08-19 1:13 ` [PATCH 14/25] autofs-5.0.7 - unbundle NOTSTRIP from DEBUG so they dont depend on each other Ian Kent
2013-08-19 1:13 ` [PATCH 15/25] autofs-5.0.7 - fix occasional build error when enable parallel compiling Ian Kent
2013-08-19 1:13 ` [PATCH 16/25] autofs-5.0.7 - fix compilation of lookup_ldap.c without sasl Ian Kent
2013-08-19 1:13 ` [PATCH 17/25] autofs-5.0.7 - fix dumpmaps multi output Ian Kent
2013-08-19 1:13 ` [PATCH 18/25] autofs-5.0.7 - try and cleanup after dumpmaps Ian Kent
2013-08-19 1:14 ` [PATCH 19/25] autofs-5.0.7 - teach dumpmaps to output simple key value pairs Ian Kent
2013-08-19 1:14 ` [PATCH 20/25] autofs-5.0.7 - fix syncronize handle_mounts() shutdown Ian Kent
2013-08-19 1:14 ` [PATCH 21/25] autofs-5.0.7 - fix fix wildcard multi map regression Ian Kent
2013-08-19 1:14 ` [PATCH 22/25] autofs-5.0.7 - improve timeout option description Ian Kent
2013-08-19 1:14 ` [PATCH 23/25] autofs-5.0.7 - only probe specific nfs version when requested Ian Kent
2013-08-19 1:14 ` [PATCH 24/25] autofs-5.0.7 - fix bad mkdir permission on create Ian Kent
2013-08-19 2:13 ` Ian Kent
2013-08-19 1:14 ` [PATCH 25/25] autofs-5.0.7 - setup program map env from macro table Ian Kent
2013-08-19 5:30 ` [PATCH 00/25] Current autofs patch queue Dennis Lan (dlan)
2013-08-20 2:55 ` Ian Kent
2013-08-20 4:52 ` Dennis Lan (dlan)
2013-09-02 10:34 ` Martin Wilck
2013-09-02 10:41 ` Gordon Lack
2013-09-02 11:04 ` Martin Wilck
2013-09-02 11:13 ` Gordon Lack
2013-09-02 12:17 ` Martin Wilck
2013-09-02 12:55 ` Gordon Lack
2013-09-02 13:15 ` Martin Wilck [this message]
2013-09-02 13:41 ` Gordon Lack
2013-09-02 14:11 ` Martin Wilck
2013-09-02 14:20 ` Gordon Lack
2013-09-02 14:49 ` Martin Wilck
2013-09-02 15:08 ` Gordon Lack
2013-09-02 15:23 ` Martin Wilck
2013-09-02 15:36 ` Gordon Lack
2013-09-06 8:11 ` Ian Kent
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52248F84.2070704@ts.fujitsu.com \
--to=martin.wilck@ts.fujitsu.com \
--cc=autofs@vger.kernel.org \
--cc=gordon.m.lack@gsk.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.