From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Adam <obnox@samba.org>
Subject: Re: [RFC PATCH] CIFS posix acl permission
	checking
Date: Fri, 12 Mar 2010 09:09:11 +0100
Message-ID: <E1Npzvj-00AWaC-KI@intern.SerNet.DE>
References: <201003041150.08341.jon@severinsson.net>
	<20100304111812.6af53003@barsoom.rdu.redhat.com>
	<E1Npr8D-00A474-O0@intern.SerNet.DE>
	<20100312015319.GC27697@samba1>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============7577454669161889664=="
Cc: vl@samba.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	Jeff Layton <jlayton@samba.org>, linux-cifs-client@lists.samba.org
To: Jeremy Allison <jra@samba.org>
Return-path: <linux-cifs-client-bounces@lists.samba.org>
In-Reply-To: <20100312015319.GC27697@samba1>
List-Unsubscribe: <https://lists.samba.org/mailman/options/linux-cifs-client>,
	<mailto:linux-cifs-client-request@lists.samba.org?subject=unsubscribe>
List-Archive: <http://lists.samba.org/pipermail/linux-cifs-client>
List-Post: <mailto:linux-cifs-client@lists.samba.org>
List-Help: <mailto:linux-cifs-client-request@lists.samba.org?subject=help>
List-Subscribe: <https://lists.samba.org/mailman/listinfo/linux-cifs-client>,
	<mailto:linux-cifs-client-request@lists.samba.org?subject=subscribe>
Sender: linux-cifs-client-bounces@lists.samba.org
Errors-To: linux-cifs-client-bounces@lists.samba.org
List-Id: linux-fsdevel.vger.kernel.org


--===============7577454669161889664==
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="5G06lTa6Jq83wMTw"
Content-Disposition: inline


--5G06lTa6Jq83wMTw
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Jeremy Allison wrote:
> On Thu, Mar 11, 2010 at 11:45:29PM +0100, Michael Adam wrote:
> >=20
> > When discussing this with Volker today, he had a different idea:
> > One could implement a trans2 impersonate call in samba (as a new
> > call in the unix extensions) that could be used to transfer the
> > session established by the privileged user (root, say) to a
> > different user specified as an argument to the call -- without
> > the need to give credentials! Then this call could be used in
> > the multi user mount scenario: when uid 1000 accesse the cifs
> > mount then the root-dispatcher mount would create a new session
> > initially as root and issue an impersonate call to user 1000
> > directly afterwards.
> >=20
> > Wouldn't that be something worth considering?
>=20
> This world work, but protocol cleanliness-wise it's
> *really* horrible :-).

Agreed. :-)


--5G06lTa6Jq83wMTw
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: comment

iD8DBQFLmfanyU9JOBhPkDQRAsezAJ9fon9Uxd2gkFQiU+uLkRz+Bl8auACfUfJK
lpSL417fsxMGh41ReAGUgzg=
=X60s
-----END PGP SIGNATURE-----

--5G06lTa6Jq83wMTw--

--===============7577454669161889664==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
linux-cifs-client mailing list
linux-cifs-client@lists.samba.org
https://lists.samba.org/mailman/listinfo/linux-cifs-client

--===============7577454669161889664==--