Date:      Wed, 10 Jul 1996 15:36:52 -0700
From:      "M.R.Murphy" <mrm@MARMOT.Mole.ORG>
To:        terry@lambert.org
Cc:        igor@cs.ibank.ru, jim@starshine.org, questions@freebsd.org
Subject:   Re: Samba FS planned to implement?
Message-ID:  <199607102236.PAA02228@meerkat.mole.org>

>
> The problem with the FS client is that SMB servers institute credentials
> (and therefore per-user protections) on a per connection basis.  When
> you have only one connection from a multiuser machine to an SMB server,
> you rob the server of its ability to distinguish individual users from
> the user who instantiated the mount.
>
> Further protections rely on typical obscurity mechanisms to interpose
> a layer of protection to the mount point to enforce user access semantics;
> even if this is instituted (which is not an enforced access method),
> doing so on a per user basis requires a mount per user -- an unrealistic
> administrative burden.
>

Suppose that one were to look at this in a slightly twisted manner.
Suppose that the SMB FS client is a FreeBSD box, and that the
SMB (Samba) server is also a FreeBSD box. One could set up the
server so that the client (and _all_ of its users, therefore)
was suitably restricted. Samba's pretty good at that. That NT or Win*
might not be quite as good still does not keep the facility from
being useful. If usefulness outweighs security concerns, why not
have the facility? If it doesn't, then don't allow the sharing.
This is a policy matter.

If the administrator of the SMB server wants to grant access to
some set of users on a FreeBSD box and is willing to act in
concert with the administrator of the FreeBSD box, especially
since the administrators might be one and the same person, why
should that not be an available security mode? I'd give you examples
with group permissions and such on the mount directory, but you'd
give better examples than I would.

I draw your attention once again to the quote in my signature :-)

Regards,
Mike
--
Mike Murphy  mrm@Mole.ORG  +1 619 598 5874
Better is the enemy of Good
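
An added illustration, not part of the original message or of the Samba project's documentation: a Samba server configuration that restricts the whole client machine as a unit, since the server cannot tell its users apart over one connection. The share name, path, address, account and group below are hypothetical.

```ini
# Constructed smb.conf fragment. The share name, path, client address,
# account and group are hypothetical placeholders.
[global]
    security = user
    # Refuse every client except the one multiuser FreeBSD box.
    hosts deny = ALL
    hosts allow = 192.0.2.10

[bsdshare]
    path = /export/bsdshare
    # Only the account that the client mounts with may connect.
    valid users = bsdmount
    guest ok = no
    # Every request on that single connection runs as this one Unix
    # identity, so the server's file permissions apply to all users
    # of the client box at once.
    force user = bsdmount
    force group = smbshare
    # Grant the client as a whole no more than read access.
    read only = yes
    browseable = no
```

Telling the client's users apart is then left to the client side, for example the group permissions on the mount directory that the message mentions.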


