diff options
author | Steve French <sfrench@us.ibm.com> | 2005-11-29 23:20:10 -0500 |
---|---|---|
committer | Steve French <sfrench@us.ibm.com> | 2005-11-29 23:20:10 -0500 |
commit | 6473a559c336d5c407f9df412ca2f55357767ff8 (patch) | |
tree | ededf2b339de4541e98c78b5d537ab954d9dc413 /fs/cifs/README | |
parent | 3abb92722ab1784b419dadb5444daf8ea9636905 (diff) |
[CIFS] Fix missing permission check on setattr when noperm mount option is
disabled. Also set mode, uid, gid better on mkdir and create for the
case when Unix Extensions is not enabled and setuids is enabled. This is
necessary to fix the hole in which chown could be allowed for non-root
users in some cases if root mounted, and also to display the mode and uid
properly in some cases.
Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs/cifs/README')
-rw-r--r-- | fs/cifs/README | 30 |
1 files changed, 24 insertions, 6 deletions
diff --git a/fs/cifs/README b/fs/cifs/README index bb90941826ad..e5d09a2fc7a5 100644 --- a/fs/cifs/README +++ b/fs/cifs/README | |||
@@ -278,7 +278,9 @@ A partial list of the supported mount options follows: | |||
278 | (such as Windows), permissions can also be checked at the | 278 | (such as Windows), permissions can also be checked at the |
279 | client, and a crude form of client side permission checking | 279 | client, and a crude form of client side permission checking |
280 | can be enabled by specifying file_mode and dir_mode on | 280 | can be enabled by specifying file_mode and dir_mode on |
281 | the client | 281 | the client. Note that the mount.cifs helper must be |
282 | at version 1.10 or higher to support specifying the uid | ||
283 | (or gid) in non-numberic form. | ||
282 | gid If CIFS Unix extensions are not supported by the server | 284 | gid If CIFS Unix extensions are not supported by the server |
283 | this overrides the default gid for inodes. | 285 | this overrides the default gid for inodes. |
284 | file_mode If CIFS Unix extensions are not supported by the server | 286 | file_mode If CIFS Unix extensions are not supported by the server |
@@ -345,7 +347,10 @@ A partial list of the supported mount options follows: | |||
345 | client system. It is typically only needed when the server | 347 | client system. It is typically only needed when the server |
346 | supports the CIFS Unix Extensions but the UIDs/GIDs on the | 348 | supports the CIFS Unix Extensions but the UIDs/GIDs on the |
347 | client and server system do not match closely enough to allow | 349 | client and server system do not match closely enough to allow |
348 | access by the user doing the mount. | 350 | access by the user doing the mount, but it may be useful with |
351 | non CIFS Unix Extension mounts for cases in which the default | ||
352 | mode is specified on the mount but is not to be enforced on the | ||
353 | client (e.g. perhaps when MultiUserMount is enabled) | ||
349 | Note that this does not affect the normal ACL check on the | 354 | Note that this does not affect the normal ACL check on the |
350 | target machine done by the server software (of the server | 355 | target machine done by the server software (of the server |
351 | ACL against the user name provided at mount time). | 356 | ACL against the user name provided at mount time). |
@@ -368,15 +373,21 @@ A partial list of the supported mount options follows: | |||
368 | setuids If the CIFS Unix extensions are negotiated with the server | 373 | setuids If the CIFS Unix extensions are negotiated with the server |
369 | the client will attempt to set the effective uid and gid of | 374 | the client will attempt to set the effective uid and gid of |
370 | the local process on newly created files, directories, and | 375 | the local process on newly created files, directories, and |
371 | devices (create, mkdir, mknod). | 376 | devices (create, mkdir, mknod). If the CIFS Unix Extensions |
377 | are not negotiated, for newly created files and directories | ||
378 | instead of using the default uid and gid specified on the | ||
379 | the mount, cache the new file's uid and gid locally which means | ||
380 | that the uid for the file can change when the inode is | ||
381 | reloaded (or the user remounts the share). | ||
372 | nosetuids The client will not attempt to set the uid and gid on | 382 | nosetuids The client will not attempt to set the uid and gid on |
373 | on newly created files, directories, and devices (create, | 383 | on newly created files, directories, and devices (create, |
374 | mkdir, mknod) which will result in the server setting the | 384 | mkdir, mknod) which will result in the server setting the |
375 | uid and gid to the default (usually the server uid of the | 385 | uid and gid to the default (usually the server uid of the |
376 | user who mounted the share). Letting the server (rather than | 386 | user who mounted the share). Letting the server (rather than |
377 | the client) set the uid and gid is the default. This | 387 | the client) set the uid and gid is the default. If the CIFS |
378 | parameter has no effect if the CIFS Unix Extensions are not | 388 | Unix Extensions are not negotiated then the uid and gid for |
379 | negotiated. | 389 | new files will appear to be the uid (gid) of the mounter or the |
390 | uid (gid) parameter specified on the mount. | ||
380 | netbiosname When mounting to servers via port 139, specifies the RFC1001 | 391 | netbiosname When mounting to servers via port 139, specifies the RFC1001 |
381 | source name to use to represent the client netbios machine | 392 | source name to use to represent the client netbios machine |
382 | name when doing the RFC1001 netbios session initialize. | 393 | name when doing the RFC1001 netbios session initialize. |
@@ -418,6 +429,13 @@ A partial list of the supported mount options follows: | |||
418 | byte range locks). | 429 | byte range locks). |
419 | remount remount the share (often used to change from ro to rw mounts | 430 | remount remount the share (often used to change from ro to rw mounts |
420 | or vice versa) | 431 | or vice versa) |
432 | sfu When the CIFS Unix Extensions are not negotiated, attempt to | ||
433 | create device files and fifos in a format compatible with | ||
434 | Services for Unix (SFU). In addition retrieve bits 10-12 | ||
435 | of the mode via the SETFILEBITS extended attribute (as | ||
436 | SFU does). In the future the bottom 9 bits of the mode | ||
437 | mode also will be emulated using queries of the security | ||
438 | descriptor (ACL). | ||
421 | 439 | ||
422 | The mount.cifs mount helper also accepts a few mount options before -o | 440 | The mount.cifs mount helper also accepts a few mount options before -o |
423 | including: | 441 | including: |