ncpmount && ordinary user
Miroslav BENES
mbenes at tenez.cz
Thu Jan 17 12:46:50 CET 2002
> oh, I see, so it does work for you. you just can't map it to
> /mnt/netware/nw4. we didn't suspect that. so you don't have write permission either in /mnt,
> or in /mnt/netware or in /mnt/netware/nw4. to mount something somewhere
> you definitely need write access. maybe read as well, but I'd be guessing there...
So I tried it from every angle, with this result:
Permissions alone are not enough - a directory with mode 777 (all permissions for everyone) does not work, and neither does
a directory with mode x7x when the mounting user is a member of the relevant group.
It works if and only if:
- the user is the owner of the directory
- the directory has mode 7xx
What is interesting, though, is the comparison with, for example, mounting a floppy:
/mnt/floppy root.root 755
after mounting:
/mnt/floppy abc.abc 775
After unmounting it returns to its original state.
And the final directory ../floppy can "at rest" have root.root 000 and it works too!
Conclusion: Unlike a "classic" volume mount with the mount command, which first
changes the permissions and owner of the directory so that the mount can then proceed, the ncpmount
command cannot do the same, not even with the combination of SUID bit + unrestricted permissions on the directory.
The "owner=.." parameter is also interesting:
-c user name (mount option owner=)
-c names the user who is the owner of the connection, where owner does not
refer to file ownership (that "owner" is set by the -u argument), but the owner of
the mount, ie: who is allowed to call ncpumount on this mount. The default
owner of the connection and the mount is the user who called ncpmount. This
option allows you to specify that some other user should be set as the owner.
In this way it is possible to mount a public read-only directory, but to allow
the lp daemon to print on NetWare queues. This is possible because only
users who have write permissions on a directory may issue ncp requests over a
connection. The exception to this rule is the 'mount owner', who is also
granted 'request permission'.
So when I extend the entry in fstab to:
NW4 /nw4 ncp owner=xyz,user,filemode=666,dirmode=744,user=abc,passwd=xxx,multiple
.. and, as user ABC, mount a volume from server NW4 on the directory /nw4 (abc.root, 700),
then as user XYZ I should have the right to shoot the connection down: "...e: who is allowed to
call ncpumount on this mount".
Of course it doesn't work:
ncpumount /nw4
Nemáte právo odpojit /nw4
Nemáte právo odpojit /nw4
Either I misunderstood those manual pages, or it behaves a bit differently for them. And
then they say RTFM ... well, I don't know :-\
--------------------------
Miroslav BENES
E-mail : mbenes at tenez.cz
TENEZ Chotebor, a.s
--------------------------