![]() |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
As the subject line says you can no longer make mount.cifs setuid. The change was made last November but the effects did not appear in the distributions till January. I have used the setuid feature to let users mount their network shares locally on login and then un-mount and delete the mount points on logout, all via scripts that are run by the WM so that it is transparent to them. I have not been effected by the change due to the fact that I made copies of the binaries mount.cifs and umount.cifs and stuck them under /usr/local/bin where they are not updated. I don't know how long this will work. So the only solution I can think of is to make all the users sudo users with NOPASSWD enabled. I can also stipulate the binaries they can execute. Samba's reason for the change is that it is possible to escalate your privileges (mount shares that are not permitted) because cifs can't verify the credentials of the user. The discussion on the developer list noted that there was no report of this ever occurring only that it could, and since they did not feel it was a priority to fix it, they just disabled the setuid ability. Does anyone see another means to maintain the users ability to mount their network shares transparently? Jim KR