From: John Hodrien on 24 Apr 2008 06:20

On Thu, 24 Apr 2008, Helmut Hullen wrote:

> You (michaelh) wrote on 24.04.08:
>
>>> You may set the SUID flag for "mount.cifs" and "umount.cifs" on the
>>> server.
>
>> That could be a security hazard.
>
> One mistake (from me): these flags must be set on the client. The client
> tries to mount, and it uses its local "mount.cifs".
>
>> If we assume that cifs unix
>> extensions can be made to work, I could bring in my laptop which
>> contains a SUID root binary and mount it to my workstation.
>
> But (regarding my error correction): you always can set the SUID flag on
> your laptop's "mount.cifs"!
>
> The server has to decide whether it will accept the mount try.

I think there's some confusion between setting /sbin/mount.cifs setuid, and
having suid as a mount option.

jh

--
"Your right to swing your fist ends where my nose begins."
-- Robert Heinlein
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
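
[Added example, not part of the original thread or written by any poster: a client-side check that treats the two things distinguished above separately, the setuid bit on the /sbin/mount.cifs helper and the nosuid option on each CIFS mount. The function names and the sample mount table are constructed for illustration.]

```shell
#!/bin/sh
# Two separate controls discussed in the thread:
#  1. the setuid bit on the mount helper (lets non-root users run the mount)
#  2. the nosuid mount option (setuid bits on files inside the share are ignored)

# Constructed sample in /proc/mounts layout:
# device mountpoint fstype options dump pass
SAMPLE_MOUNTS='//server/home /mnt/home cifs rw,nosuid,nodev,relatime 0 0
//laptop/share /mnt/laptop cifs rw,relatime 0 0
/dev/sda1 / ext3 rw,relatime 0 0
//server/pub /mnt/pub cifs ro,nosuid,nodev 0 0'

# Read a mount table on stdin; print mount points of CIFS mounts lacking nosuid.
cifs_without_nosuid() {
    awk '$3 == "cifs" {
        n = split($4, opt, ","); found = 0
        for (i = 1; i <= n; i++) if (opt[i] == "nosuid") found = 1
        if (!found) print $2
    }'
}

# Succeed when the given file exists and has the setuid bit set.
helper_is_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# Run the mount-option check over the constructed sample (hypothetical helper).
audit_sample() {
    printf '%s\n' "$SAMPLE_MOUNTS" | cifs_without_nosuid
}

echo "CIFS mounts in the sample that honour setuid files:"
audit_sample
if helper_is_setuid /sbin/mount.cifs; then
    echo "/sbin/mount.cifs is setuid: non-root users can invoke it"
else
    echo "/sbin/mount.cifs is not setuid (or not installed)"
fi
```

On a live client the same function can read the real table: `cifs_without_nosuid < /proc/mounts`.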
From: Pakorn Chutinimitkul on 24 Apr 2008 09:00

Hi Helmut,

I'll give it a try. Just for my curiosity, is there a way to bypass
Samba's authentication?

Thank you!
Pakorn

Helmut Hullen wrote:
> Hello, Pakorn,
>
> You (pakorn) wrote on 24.04.08:
>
>> There's a lot of different users who will log into the workstation,
>> all of them are not superuser, therefore they can't run mount command
>> and specify their samba username/password. I tried to create a Samba
>> account for each machine, say machine1 and put the username/password
>> in /etc/fstab.
>
> These entries in "/etc/fstab" are not necessary, they only allow to
> shorten the mount options.
>
> Some colleagues and I have played with many options to mount shares from
> a Linux Samba server on many linux clients.
>
> First: may be the username may not be "root" but some other user.
> Second: our actual way is mounting
>
> a) via a special script in "/etc/profile.d" which is run when the user
> logs in using CLI (and bash).
>
> b) via a special entry in "Xsession" which is run when the user logs in
> using the GUI
>
> or
> c) via an icon on the (GUI) desktop which reads the desired username and
> password and then mounts the (pre-defined) shares.
>
> a and b run automatically, c runs only on demand.
>
> One problem: client's (or user's) authentication on the server. I've
> read that it needs "winbind" - may be. "winbind" seems to need PAM, and
> slackware (my favorite server distribution) runs without PAM.
>
> I won't install LDAP on the server only for authentication - it brings
> in other difficulties.
>
> ------------------------
>
> You can read (in German) the discussion in
>
> http://www.listserv.dfn.de/cgi-bin/wa?A1=ind0804&L=schul-netz
>
> under the titles:
> "Neu"vorstellung, Linux-Client an Server, anmeldescript linux,
> anmeldescript linux (was: "Neu"vorstellung), Domaenenanmeldung mit
> Linux-Clients, Samba mit SuSE-Client (was: [SN] "Neu"vorstellung), Samba
> per SuSE-Client, smbnetfs
>
> Best regards!
> Helmut

From: Helmut Hullen on 24 Apr 2008 10:00

Hello, Pakorn,

You (pakorn) wrote on 24.04.08:

> I'll give it a try. Just for my curiosity, is there a way to bypass
> Samba's authentication?

That may (should) depend on the allowed users. In our LANs there is no
user "guest" or "nobody" allowed, we haven't tried them.

Best regards!
Helmut