Re: [PATCH] Making shares unaccessible at root level mountable (aka solving bsc#8950 ...again)

[Marcus Hoffmann <marcus.hoffmann-j/7cz5qe3tpn68oJJulU0Q@public.gmane.org>]

Hey Aurélien,
with your script I can reproduce the bug locally now.

I can mount the share (which is on a Windows 8.1 vm) with a Windows 7 PC
with the restricted user account. (Even in hard mode.)
I can mount the share from Linux-cifs using the admin user but not the
restricted user.

(I noticed though that no user has access to the file in the shared dir.
But this doesn't really matter for the test.)

Marcus

On 06/09/2016 06:50 PM, Aurélien Aptel wrote:
> Small update: I've written a powershell script to reproduce the problem
> (attached). If you're wondering I'm not using samba see my notes
> about it [1].
>
> On the window server:
> - Edit $Dir (script will create parent dirs)
> - Edit $LimitedUser/$AdminUser to an existing one
> - Run the script as admin
>
> On the linux client:
> - Mount the share sub dir with the limited user credentials:
>   mount //lutze/bug8950/sub/dir' /mnt \
>         -o 'domain=LURCH,ip=10.160.5.42,username=bill,password=*****,rw'
>
> My second solution fails for the case when the dir *containing* the
> shared dir restricts the limited user. See "HARD MODE" at the end
> of the script.
>
> 1: http://diobla.info/stuff/bugs/bsc799133/#sec-4
>