From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jeremy Allison
Subject: Re: [RFC PATCH] CIFS posix acl permission checking
Date: Thu, 11 Mar 2010 17:53:19 -0800
Message-ID: <20100312015319.GC27697@samba1>
References: <201003041150.08341.jon@severinsson.net> <20100304111812.6af53003@barsoom.rdu.redhat.com>
Reply-To: Jeremy Allison
Cc: vl@samba.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Jeff Layton, linux-cifs-client@lists.samba.org
To: Michael Adam
List-Id: linux-fsdevel.vger.kernel.org

On Thu, Mar 11, 2010 at 11:45:29PM +0100, Michael Adam wrote:
>
> When discussing this with Volker today, he had a different idea:
> One could implement a trans2 impersonate call in samba (as a new
> call in the unix extensions) that could be used to transfer the
> session established by the privileged user (root, say) to a
> different user specified as an argument to the call -- without
> the need to give credentials! Then this call could be used in
> the multi user mount scenario: when uid 1000 accesses the cifs
> mount then the root-dispatcher mount would create a new session
> initially as root and issue an impersonate call to user 1000
> directly afterwards.
>
> Wouldn't that be something worth considering?

This would work, but protocol cleanliness-wise it's *really*
horrible :-).

Jeremy.