Date: Wed, 10 Jul 1996 16:47:28 -0700 (PDT) From: Jim Dennis <jim@starshine.org> To: terry@lambert.org (Terry Lambert) Cc: jim@starshine.org, terry@lambert.org, igor@cs.ibank.ru, questions@freebsd.org Subject: Re: Samba FS planned to implement? Message-ID: <199607102347.QAA00222@starshine> In-Reply-To: <199607102038.NAA27122@phaeton.artisoft.com> from "Terry Lambert" at Jul 10, 96 01:38:57 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> > > Are you saying that it allows the user in question more access > > than smbtar/smbclient? > > Yes, because both smbtar and smbclient require the user to authenticate > on a per user instead of a per system basis. Okay. (I hadn't used smbfs yet by the way). I was under the (obviously mistaken) opinion that this was implemented as a userfs or like Matt Blaze's CryptFS or Caldera's Netware client implementation -- (where the authentication and visibility are on a per session or per user basis). > The problem with the FS client is that SMB servers institute credentials > (and therefore per-user protections) on a per connection basis. When > you have only one connection from a multiuser mahine to an SMB server, > you rob the server of its ability to distinguish individual users from > the user who instantiated the mount. > > Further protections rely on typical obscurity mechanisms to interpose > a layer of protection to the mount point to enforce user access semantics; > even if this is instituted (which is not an enforced access method), > doing so on a per user basis requires a mount per user -- an unrealistic > administrative burden. In essence the Unix host running smbfs must be "trusted" by the admin of the SMB server (i.e. a problem of transitive trust) This sounds like a design limitation rather than a "bug" per se. It limits the use of smbfs to single user workstations or to a limited number of "trusted" users per host -- and requires that the *ix system be reasonably secure and restrictive in its configuration. There shouldn't be a problem with "public" shares (those that are freely accessible within the domain) assuming that *both* machines in question are secure (on a private or secure LAN, possibly behind a firewall). A question: If someone is running telnetd on their NT box and allows multiple users on a LAN to telnet into it for shell (4NT or COMMAND) access .... does the same problem exist? Can that user see shares that the NT box has NET /USE'd? Can the NT admin also limit the access to those (similar to 'root' limiting the permissions on the smbfs mount point)? Are you suggesting that this be implemented like CFS or userfs (I've used CFS but not userfs)?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199607102347.QAA00222>