Project

General

Profile

Bug #11542

smbfs user mounts should be documented

Added by Rich Lowe 7 days ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
cifs - CIFS server and client
Start date:
Due date:
% Done:

0%

Estimated time:
Difficulty:
Bite-size
Tags:

Description

The ability (and in fact need) for a user to perform their own smbfs mounts should be documented probably in smbfs(7FS) and perhaps mount_smbfs(1M).
The warning about the user performing the mount giving the mount their privileges, and so world/group writeable mounts being a bad idea should be documented whereever user mounts are documented.

That is, the manual pages should say something like

It is expected that users perform their own mounts of smbfs(7FS) filesystems via:
  mount -F smbfs //user@host//share ~/share 

       Currently, all access through an smbfs mount point uses the Windows
       credentials established by the user that ran the mount command.
       Normally, permissions on smbfs mount points should be 0700 to prevent
       Unix users from using each others' Windows credentials. See the
       dirperms option to mount_smbfs(1M) for details regarding how to control
       smbfs mount point permissions.

       An important implication of this limitation is that system-wide mounts,
       such as those made using /etc/vfstab or automount maps are only useful
       in cases where access control is not a concern, such as for public
       read-only resources.

the last two paragraphs are from smbfs(7FS) and need not be repeated there, but should be repeated in mount_smbfs(1M) if appropriate.

That is, the first paragraph should be spliced into smbfs(7FS) (as a rewording/addendum of its statement about mountpoints), and all 3 paragraphs should get worked into mount_smbfs(1M)

Further, mount_smbfs(1M) should not use "root" as the example user, leading to the confusing sentence:

You must supply the password for the root user to successfully perform the mount operation.

Which is only true because root is the username being provided for the mount, and the root password required is root's password for the share.

Also available in: Atom PDF