ncpmount && ordinary user

Miroslav BENES mbenes at tenez.cz
Thu Jan 17 12:46:50 CET 2002


> Ah, I see, so it does work for you. You just can't map it to
> /mnt/netware/nw4. We had no idea. So you don't have write permission in /mnt,
> or in /mnt/netware, or in /mnt/netware/nw4. To mount something somewhere
> you definitely need write access. Maybe read access too, but I would be guessing there...


So I tried it from every angle, with this result:

Permissions alone are not enough - a directory with permissions 777 (all permissions for everyone) does not work, and neither does
a directory with permissions x7x when the mounting user is a member of the relevant group.

It works if and only if:

 - the user is the owner of the directory
 - the directory has permissions 7xx

What is interesting, though, is the comparison with, for example, mounting a floppy:

/mnt/floppy	root.root	755

after mounting:

/mnt/floppy	abc.abc	775

After unmounting it goes back to the original state.

Yet the final directory ../floppy can happily have permissions root.root 000 and it works too!


Conclusion: Unlike a "classic" volume mount with the mount command, which first
changes the permissions and owner of the directory so that the mount can then go through,
the ncpmount command cannot do the same, not even with the combination of SUID bit + unrestricted permissions on the directory.

The parameter "owner=.." is also interesting:

  -c user name (mount option owner=)
	-c names the user who is the owner of the connection, where owner does not
	refer to file ownership (that "owner" is set by the -u argument), but the owner of
	the mount, ie: who is allowed to call ncpumount on this mount. The default
	owner of the connection and the mount is the user who called ncpmount. This
	option allows you to specify that some other user should be set as the owner.

	In this way it is possible to mount a public read-only directory, but to allow
	the lp daemon to print on NetWare queues. This is possible because only
	users who have write permissions on a directory may issue ncp requests over a
	connection. The exception to this rule is the 'mount owner', who is also
	granted 'request permission'.


So when I extend the entry in fstab to:

NW4 /nw4 ncp owner=xyz,user,filemode=666,dirmode=744,user=abc,passwd=xxx,multiple

.. and, as user ABC, mount the volume from server NW4 onto the directory /nw4 (abc.root, 700),
then as user XYZ I should have the right to shoot the connection down: "...e: who is allowed to
call ncpumount on this mount".

Of course it does not work:
 ncpumount /nw4
Nemáte právo odpojit /nw4
Nemáte právo odpojit /nw4


Either I misunderstood those manual pages, or it behaves a little differently for them. And
then they say RTFM ... well, I don't know :-\




--------------------------
Miroslav BENES
E-mail   : mbenes at tenez.cz
TENEZ Chotebor, a.s
--------------------------
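
Added example (not part of the original message and not taken from the ncpmount source): a small C pre-flight check that models the rule observed in the post, namely that the mounting user must own the mount point and its owner bits must be rwx (7xx), regardless of group/other bits. The names mountpoint_status, check_scratch_dir and the mp_status values are hypothetical, and the scratch directories are constructed fixtures.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical result codes; they model the behaviour reported in the post. */
enum mp_status { MP_OK, MP_STAT_FAILED, MP_NOT_DIR, MP_NOT_OWNER, MP_NO_OWNER_RWX };

/* Observed rule: uid must own the directory AND the owner bits must be rwx.
 * Group and other bits are deliberately ignored, so mode 777 on a directory
 * owned by someone else is still rejected. */
enum mp_status mountpoint_status(const char *path, uid_t uid)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return MP_STAT_FAILED;
    if (!S_ISDIR(st.st_mode))
        return MP_NOT_DIR;
    if (st.st_uid != uid)
        return MP_NOT_OWNER;
    if ((st.st_mode & S_IRWXU) != S_IRWXU)
        return MP_NO_OWNER_RWX;
    return MP_OK;
}

/* Constructed fixture: create a scratch directory with the given mode,
 * evaluate it for uid, then remove it again. */
enum mp_status check_scratch_dir(mode_t mode, uid_t uid)
{
    char path[] = "/tmp/mpcheck.XXXXXX";
    enum mp_status s = MP_STAT_FAILED;
    if (mkdtemp(path) == NULL)
        return s;
    if (chmod(path, mode) == 0)
        s = mountpoint_status(path, uid);
    rmdir(path);
    return s;
}

int main(int argc, char **argv)
{
    static const char *why[] = { "ok", "cannot stat", "not a directory",
                                 "caller is not the owner", "owner bits are not rwx" };
    enum mp_status s = mountpoint_status(argc > 1 ? argv[1] : ".", getuid());
    printf("%s: %s\n", argc > 1 ? argv[1] : ".", why[s]);
    return s == MP_OK ? 0 : 1;
}
```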


