Hi Ian,

On Thu, Jul 05, 2007 at 09:55:16AM +1000, Ian MacKinnell wrote:
> Here is the xterm output when I mount a remote host and then run ls -la
> on the mount point:
> [EMAIL PROTECTED]:~$ smbmount //frodo/ianma ~/tmp -o uid=ianma,gid=users
> Password:
> [EMAIL PROTECTED]:~$ ls -la ~/tmp
> total 24
> drwxr-xr-x  1 root  root  4096 2007-07-05 09:12 .
> drwxr-xr-x 68 ianma users 4096 2007-07-04 16:28 ..
> -rw-------  1 1039  users   99 2007-06-15 13:20 .bash_history
> -rw-r--r--  1 1039  users  220 2006-12-12 08:20 .bash_logout
> -rw-r--r--  1 1039  users  414 2006-12-12 08:20 .bash_profile
> -rw-r--r--  1 1039  users 2227 2007-06-15 13:19 .bashrc
> drwxr-xr-x  1 1039  users    0 2007-06-15 13:20 .mc
> [EMAIL PROTECTED]:~$
>
> (Note: user 1039 is the uid for "ianma" on the remote Samba server)

Thanks, this makes it pretty clear to me what's going on.

First of all, from a security perspective, it's important that the suid-root mounting script (smbmount+smbmnt) not be usable by the mounting user to gain privileges he doesn't otherwise have. This /possibly/ means that the user should not be allowed to specify arbitrary uid,gid settings when mounting. It also *definitely* means that the user should not be able to use smbmount to mount filesystems with full Unix extensions -- you do *not* want a user to have a copy of /dev/hda that they own, or a copy of /bin/sh that's suid root!

Now, it looks like the current behavior of smbmount is a result of the added patch, missing_userspace_bugzilla999. If I drop this patch from samba 3.0.25b-1 and rebuild, the resulting smbmount gives me mounts with the current user's uid, regardless of server permissions and regardless of uid options passed on the commandline. So it looks like a bug in this patch. I'll try to see what's up with it.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/
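A defender-side illustration of the point Steve makes above, added here as an example and not code from the thread, from Samba or from Debian: a setuid-root mount helper should pin the `uid`/`gid` options to the invoking user and force `nosuid,nodev` on anything an unprivileged user mounts, so a user-owned mount can never carry a setuid copy of /bin/sh or a device node like /dev/hda. The policy, the function names and the `demo_audit()` tree are hypothetical; only `uid`, `gid`, `suid`, `dev`, `nosuid` and `nodev` are standard mount(8) option names. The second function audits an already-mounted tree for exactly those two kinds of entry.

```python
"""Hypothetical mount-option policy and mount-tree audit (added example)."""
import grp
import os
import pwd
import shutil
import stat
import tempfile

# Options that must be present on any mount an unprivileged user performs:
# they stop setuid bits and device nodes on the mount from being honoured.
FORCED_OPTIONS = ("nosuid", "nodev")


class MountPolicyError(ValueError):
    """Raised when the requested options would grant the caller new privilege."""


def parse_options(opts):
    """Parse 'uid=1000,rw,gid=100' into {'uid': '1000', 'rw': None, 'gid': '100'}."""
    parsed = {}
    for item in filter(None, opts.split(",")):
        key, sep, value = item.partition("=")
        parsed[key.strip()] = value.strip() if sep else None
    return parsed


def _resolve_id(value, lookup, attr):
    """Accept a numeric id or a name; names are resolved through pwd/grp."""
    if value is None:
        raise MountPolicyError("uid/gid options need a value")
    if value.isdigit():
        return int(value)
    try:
        return getattr(lookup(value), attr)
    except KeyError:
        raise MountPolicyError(f"unknown user or group {value!r}") from None


def sanitize_mount_options(opts, caller_uid, caller_gid):
    """Return the option string an unprivileged caller may actually mount with.

    Root (caller_uid 0) can already own anything, so its options pass untouched.
    """
    if caller_uid == 0:
        return opts
    parsed = parse_options(opts)

    # uid/gid may only name the caller; anything else asks to own files as
    # someone else.  Pin both even when the user left them out.
    for key, expected, lookup, attr in (
        ("uid", caller_uid, pwd.getpwnam, "pw_uid"),
        ("gid", caller_gid, grp.getgrnam, "gr_gid"),
    ):
        if key in parsed and _resolve_id(parsed[key], lookup, attr) != expected:
            raise MountPolicyError(f"{key}={parsed[key]} is not the caller's own ({expected})")
        parsed[key] = str(expected)

    # An explicit request to honour setuid bits or device nodes is refused outright.
    for flag in ("suid", "dev"):
        if flag in parsed:
            raise MountPolicyError(f"'{flag}' is not permitted for unprivileged mounts")
    for flag in FORCED_OPTIONS:
        parsed[flag] = None

    return ",".join(k if v is None else f"{k}={v}" for k, v in parsed.items())


def is_permitted(opts, caller_uid, caller_gid):
    """Boolean convenience wrapper around sanitize_mount_options()."""
    try:
        sanitize_mount_options(opts, caller_uid, caller_gid)
    except MountPolicyError:
        return False
    return True


def find_dangerous_entries(root):
    """Walk a mounted tree; return sorted (path, reason) for setuid/setgid files and device nodes."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow symlinks out of the mount
            if stat.S_ISCHR(st.st_mode) or stat.S_ISBLK(st.st_mode):
                findings.append((path, "device node"))
            elif st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append((path, "setuid/setgid"))
    return sorted(findings)


def demo_audit():
    """Constructed sample: a tiny tree with one ordinary file and one setuid file.

    Returns the list of reasons the audit reports (device nodes need root to create,
    so only the setuid case is exercised here).
    """
    tree = tempfile.mkdtemp(prefix="mount-audit-")
    try:
        ordinary, suid = os.path.join(tree, "notes.txt"), os.path.join(tree, "sh-copy")
        for path in (ordinary, suid):
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        os.chmod(suid, 0o4755)  # the setuid /bin/sh copy the thread warns about
        return [reason for _path, reason in find_dangerous_entries(tree)]
    finally:
        shutil.rmtree(tree)


if __name__ == "__main__":
    print(sanitize_mount_options("uid=1000,gid=100,rw", caller_uid=1000, caller_gid=100))
    print(demo_audit())
```

The policy deliberately pins `uid`/`gid` rather than merely rejecting mismatches, so a request that omits them still comes out owned by the caller, and `nosuid,nodev` are appended unconditionally rather than trusted from the command line.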