Re: [opensuse] fstab: umount as user



On Tuesday 09 October 2007 11:23:56 G T Smith wrote:
Anders Johansson wrote:
On Monday 08 October 2007 10:54:41 G T Smith wrote:
Anders Johansson wrote:
On Sunday 07 October 2007 14:23:50 G T Smith wrote:
Unfortunately if you can disconnect a resource, you can also reconnect
something else at the same point, and that could be a security issue.
If the location is taken it makes it more difficult (but not
impossible) to hijack.

No you can't, because linux will only allow you to mount things as a
user when permission is explicitly given in fstab. Which means the
worst they could do is remount the same resource

If you think this is wrong, please give a concrete example of how it
could be done

<snip something about home directories on samba shares>

Obviously your scenario is just wrong.

I think you need to do a little research into both AD and NDS and some
Network Operating System concepts.... You are thinking server and
machine centric not network centric... e.g. NT user accounts are
frequently dynamically created on the local machine on login and the
account removed on logout, accounts and their settings exist on the
network NOT the machine (I am unaware of anything similar on *NIX). The
approach has its problems but works well enough...

First of all, for the kind of shares you're talking about, there are the
non-mounted resources (smb:// in various browsers and vfs
implementations). You can't have your home directory on samba anyway (or
at least you shouldn't). So that eliminates your scenario

If the directory is mounted on login there is no real reason why you
should not either.

You are obviously completely unfamiliar with the concept of the hotdesk. Let
me spell it out ... user does not have own machine, user may have own
resources and own role in organisation, user must be able to sit down and
use any machine in a pool of machines and use as own... This is commonly
used in teaching institutions, call centres, and other variants of
cubicle land... And are you seriously suggesting that in an organisation
with several hundred users that you set up several hundred home
directories (and associated accounts) on each machine in the pool?

The browser is an approach with limitations. For it to work with
reasonable safety any settings need to travel with the user and not be
tied to the machine.

Oddly enough this is something fairly easy to do with Windows with AD or
NDS...

Secondly, one single mount point for all users is just bad, it won't
work.

There are a number of references to this type of configuration around
with NFS, there is usually a single mount point but it is lower down the
hierarchy on the server end and in theory you should only see the
material pertinent to the logged in user.

That's not a single mountpoint, that is autofs at work. It dynamically creates
mount points as and when needed. It seems to me this is exactly what you're
looking for

There have been various ways of
presenting a file system across a network for a long time in *NIX world,
but they do not really fit more recent desktop use models.

I'm sorry, but are you referring here to the early 70s method of assigning
letters like C:, F: and so on to shares? That's hardly the ultramodern
approach here. Which part of this is "more recent desktop use model"?

You can say that things like Documents and settings should come from a server,
which is about as close to the kind of mounting you can do in *NIX that you
can get on a windows machine. I don't see why you say that this can't be done
on linux. It has been possible for a very long time, as far as I can see

We already have roaming users, with several hundred users. It works like a
charm, as far as I can see. I can sit down on any machine, log in, and get my
own desktop
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
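
The point made earlier in the thread, that a user can only mount what fstab explicitly permits, can be checked on a given machine by listing those entries. The following is an added example, not part of the original message: it parses a constructed sample fstab (devices, share name and mount points are made up) and reports each user-mountable entry together with any suid or dev behaviour that later options switch back on, following the mount(8) rule that user and users imply noexec, nosuid and nodev, and owner and group imply nosuid and nodev, unless overridden by subsequent options.

```python
# Added example: audit fstab entries that non-root users may mount.
# SAMPLE_FSTAB is constructed for illustration; it is not from the thread.
SAMPLE_FSTAB = """\
# device            mountpoint    type     options                  dump pass
/dev/sda2           /             ext3     defaults                 1 1
/dev/cdrom          /media/cdrom  iso9660  ro,noauto,user           0 0
//fileserver/pool   /mnt/pool     cifs     noauto,users,suid        0 0
/dev/sdb1           /media/usb    vfat     noauto,owner,dev,nosuid  0 0
/dev/sdc1           /mnt/data     ext3     suid,user,noauto         0 0
"""

FLAGS = ("exec", "suid", "dev")
# Flags that each user-mount option switches off when it is seen (mount(8)).
IMPLIED_OFF = {
    "user": ("exec", "suid", "dev"),
    "users": ("exec", "suid", "dev"),
    "owner": ("suid", "dev"),
    "group": ("suid", "dev"),
}

def effective(options):
    """Apply options left to right; return (user-mount option or None, flags)."""
    state = dict.fromkeys(FLAGS, True)   # starting state: exec, suid, dev on
    who = None
    for opt in options.split(","):
        if opt in IMPLIED_OFF:
            who = opt
            for flag in IMPLIED_OFF[opt]:
                state[flag] = False
        elif opt == "nouser":
            who = None
        elif opt in FLAGS:               # explicit re-enable, e.g. "suid"
            state[opt] = True
        elif opt.startswith("no") and opt[2:] in FLAGS:
            state[opt[2:]] = False
    return who, state

def audit(fstab_text):
    """Return (mountpoint, option, re-enabled risky flags) per user-mountable entry."""
    findings = []
    for line in fstab_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        who, state = effective(fields[3])
        if who is not None:
            risky = [f for f in ("suid", "dev") if state[f]]
            findings.append((fields[1], who, risky))
    return findings

if __name__ == "__main__":
    for mountpoint, who, risky in audit(SAMPLE_FSTAB):
        print(mountpoint, who, ",".join(risky) or "ok")
```

Option order matters: `suid,user` ends up nosuid because `user` comes last, while `users,suid` leaves setuid binaries honoured on a mount any user can attach.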