Re: [opensuse] fstab: umount as user



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Anders Johansson wrote:
On Monday 08 October 2007 10:54:41 G T Smith wrote:
Anders Johansson wrote:
On Sunday 07 October 2007 14:23:50 G T Smith wrote:
Unfortunately if you can disconnect a resource, you can also reconnect
something else at the same point, and that could be a security issue. If
the location is taken it makes it more difficult (but not impossible) to
hijack.
No, you can't, because Linux will only allow you to mount things as a user
when permission is explicitly given in fstab. Which means the worst they
could do is remount the same resource.

If you think this is wrong, please give a concrete example of how it
could be done.
<snip something about home directories on samba shares>

Obviously your scenario is just wrong.


I think you need to do a little research into both AD and NDS and some
Network Operating System concepts.... You are thinking server- and
machine-centric, not network-centric... e.g. NT user accounts are
frequently dynamically created on the local machine on login and the
account removed on logout; accounts and their settings exist on the
network, NOT the machine (I am unaware of anything similar on *NIX). The
approach has its problems but works well enough...

First of all, for the kind of shares you're talking about, there are the
non-mounted resources (smb:// in various browsers and VFS implementations).
You can't have your home directory on Samba anyway (or at least you
shouldn't). So that eliminates your scenario.


If the directory is mounted on login there is no real reason why you
should not either.

You are obviously completely unfamiliar with the concept of the hotdesk. Let
me spell it out ... the user does not have their own machine, the user may
have their own resources and own role in the organisation, the user must be
able to sit down and use any machine in a pool of machines and use it as their
own... This is commonly used in teaching institutions, call centres, and
other variants of cubicle land... And are you seriously suggesting that in
an organisation with several hundred users you set up several hundred home
directories (and associated accounts) on each machine in the pool?

The browser is an approach with limitations. For it to work with
reasonable safety any settings need to travel with the user and not be
tied to the machine.

Oddly enough this is something fairly easy to do with Windows with AD or
NDS...


Secondly, one single mount point for all users is just bad; it won't work.


There are a number of references to this type of configuration around
with NFS; there is usually a single mount point, but it is lower down the
hierarchy on the server end, and in theory you should only see the
material pertinent to the logged-in user. There have been various ways of
presenting a file system across a network for a long time in the *NIX world,
but they do not really fit more recent desktop use models.

Thirdly, if there really is a need for mounting, there is FUSE (but there
isn't a need, so...)

Have you actually tried smbfuse? It crawls....veeeeeeerrrrryyyy
ssssslllllooowwwllyy :-) When I last looked at it, it spent an awful lot
of time authenticating when I tracked what was happening; also it can pick
up stuff that you do not want to be picked up if you are not careful ... Nice
idea but not currently usable...


Finally, for the kind of "conditional mounts" you refer to, there is autofs


You are talking hardware-conditional, not user/location-conditional, i.e.
if A is a member of group 2 they can use resource VI when they log in...
What we are considering is the concept of single point of login and
transparent access to resources ....

One of the most serious security issues is password and identity
overload... if people have lots of IDs and passwords, people start
losing track of what password works with which ID... so people
start making life easy for themselves and choose insecure passwords
or put the passwords down on a bit of paper.. (how many people have come
across the stick-it note with the password list on the monitor :-) )

In no case do you ever have to give a normal user root access.

Ideally of course,


Anders


- --
==============================================================================
I have always wished that my computer would be as easy to use as my
telephone.
My wish has come true. I no longer know how to use my telephone.

Bjarne Stroustrup
==============================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFHC0irasN0sSnLmgIRArJxAJ9+uDw4yyMgE23b4dkrXd9HXwjkRwCfT9km
TF22nqFsz59EbKmZZMVQhvM=
=cB2W
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
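The exchange above turns on what fstab actually grants an ordinary user: the `user`, `users`, `owner` and `group` options decide who may mount an entry and, just as importantly for the "disconnect and reconnect" worry, who may unmount it again. The script below is an added example written for this page, not code from either poster or from openSUSE; it audits an fstab file and reports, for every entry a non-root user may mount, who can unmount it and whether `suid` or `dev` were re-enabled on top of the defaults that mount(8) documents (`user`/`users` imply `noexec,nosuid,nodev`, `owner`/`group` imply `nosuid,nodev`, unless a later option overrides them). The sample fstab it writes is constructed for the demonstration; the share path, credentials file and device names are assumptions, not values from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit which fstab entries an ordinary
# user may mount or unmount, and with what effective flags.
# The sample fstab written by write_sample_fstab is constructed for this demo.

# write_sample_fstab FILE: write a constructed fstab into FILE
write_sample_fstab() {
    cat > "$1" <<'EOF'
# <device>            <mountpoint>   <type>   <options>                        <dump> <pass>
/dev/sda1             /              ext4     defaults                         0 1
//fileserver/share    /mnt/share     cifs     credentials=/etc/cifs.cred,user  0 0
/dev/sdb1             /media/usb     vfat     users,exec,suid                  0 0
/dev/sr0              /media/cdrom   iso9660  ro,owner                         0 0
EOF
}

# audit_fstab FILE: print one line per user-mountable entry, as
#   mountpoint|option|who-may-unmount|exec,suid,dev flags|verdict
# Rules follow mount(8): user/users imply noexec,nosuid,nodev and
# owner/group imply nosuid,nodev, unless a later option re-enables them.
# Only the mounting user may unmount a "user"/"owner"/"group" mount;
# "users" lets any user unmount it (and mount the same fstab entry again).
audit_fstab() {
    awk '
    /^[ \t]*#/ || NF < 4 { next }          # skip comments and short lines
    {
        mp = $2
        n = split($4, o, ",")
        who = ""
        ex = "exec"; su = "suid"; dv = "dev"   # kernel defaults if nothing is said
        for (i = 1; i <= n; i++) {
            if (o[i] == "user" || o[i] == "users") {
                who = o[i]; ex = "noexec"; su = "nosuid"; dv = "nodev"
            } else if (o[i] == "owner" || o[i] == "group") {
                who = o[i]; su = "nosuid"; dv = "nodev"
            } else if (o[i] == "nouser") {
                who = ""
            } else if (o[i] == "exec" || o[i] == "noexec") {
                ex = o[i]
            } else if (o[i] == "suid" || o[i] == "nosuid") {
                su = o[i]
            } else if (o[i] == "dev" || o[i] == "nodev") {
                dv = o[i]
            }
        }
        if (who == "") next                 # root-only entry, nothing to report
        unmount = (who == "users") ? "any-user" : "mounting-user"
        # suid or dev re-enabled on a filesystem a user controls is the
        # classic privilege-escalation setup, so flag it for review
        verdict = (su == "suid" || dv == "dev") ? "WARN" : "ok"
        printf "%s|%s|%s|%s,%s,%s|%s\n", mp, who, unmount, ex, su, dv, verdict
    }' "$1"
}

# Demo run on the constructed sample (use audit_fstab /etc/fstab on a real host)
demo() {
    tmp=$(mktemp)
    write_sample_fstab "$tmp"
    audit_fstab "$tmp"
    rm -f "$tmp"
}

demo
```

On the sample, the cifs share comes out as `user`, unmountable only by whoever mounted it and with all three protective flags in force; the USB entry is flagged because `users,exec,suid` lets anyone unmount and remount it with set-uid binaries honoured; the `owner` cdrom entry keeps `exec` (mount(8) does not strip it for `owner`), which the report shows rather than hides. Note that even the `users` case only ever re-mounts the entry fstab names at that mount point, which is the limit Anders describes.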


