LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Jeff Moyer <jmoyer@redhat.com>
To: Ian Kent <raven@themaw.net>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Kernel Mailing List <linux-kernel@vger.kernel.org>,
autofs mailing list <autofs@linux.kernel.org>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
Pavel Emelyanov <xemul@openvz.org>,
"Eric W. Biederman" <ebiederm@xmission.com>
Subject: Re: [PATCH 3/4] autofs4 - track uid and gid of last mount requestor
Date: Thu, 28 Feb 2008 12:13:50 -0500 [thread overview]
Message-ID: <x494pbtxaup.fsf@segfault.boston.devel.redhat.com> (raw)
In-Reply-To: <1204185623.3501.84.camel@raven.themaw.net> (Ian Kent's message of "Thu, 28 Feb 2008 17:00:23 +0900")
Ian Kent <raven@themaw.net> writes:
> On Wed, 2008-02-27 at 23:23 -0800, Andrew Morton wrote:
>> On Thu, 28 Feb 2008 16:08:20 +0900 Ian Kent <raven@themaw.net> wrote:
>> > which includes the process uid and gid, and as part of
>> > the lookup we set macros for several mount map substitution variables,
>> > derived from the uid and gid of the process requesting the mount and
>> > they can be used within autofs maps.
>>
>> yeah, could be a problem. Hopefully the namespace people can advise.
>> Perhaps we need a concept of an exportable-to-userspace namespace-id+uid,
>> namespace-id+gid, namespace-id+pid, etc for this sort of thing. It has
>> come up before. Recently, but I forget what the context was.
>
> I'm all ears to any feedback from others on this, please.
I think there is some confusion surrounding what the UID and GID are
used for in this context. I'll try to explain it as best I can.
When the automount daemon parses a map entry, it will do some amount of
variable substitution. So, let's say you're running on an i386 box, and
you want to mount a library directory from a server. You might have a
map entry that looks like this:
lib server:/export/$ARCH/lib
In this case, the automount daemon will replace $ARCH with i386, and
will try the following mount command:
mount -t nfs server:/export/i386/lib /automountdir/lib
There are cases where it would be helpful to use the requesting
process's UID in such a variable substitution. Consider the case of a
CIFS share, where the automount daemon runs as user root, but we want to
mount the share using the credentials of the requesting user. In this
case, the UID and GID can be helpful in formatting the mount options for
mounting the share.
So, the UID and GID are used only for map substitutions. Now, having
said all of that, I'll have to look more closely at why we even need to
keep track of it, given that it only needs to be used when performing
the lookup, and at that time we have information on the requesting UID
and GID.
Cheers,
Jeff
next prev parent reply other threads:[~2008-02-28 17:14 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-02-26 3:21 [PATCH 0/4] autofs4 - autofs needs a miscelaneous device for ioctls Ian Kent
2008-02-26 3:22 ` [PATCH 1/4] autofs4 - check for invalid dentry in getpath Ian Kent
2008-02-26 3:23 ` [PATCH 3/4] autofs4 - track uid and gid of last mount requestor Ian Kent
2008-02-26 5:14 ` [PATCH 3/4] autofs4 - track uid and gid of last mount requestor - correction Ian Kent
2008-02-28 4:45 ` [PATCH 3/4] autofs4 - track uid and gid of last mount requestor Andrew Morton
2008-02-28 6:22 ` Ian Kent
2008-02-28 6:37 ` Andrew Morton
2008-02-28 7:08 ` Ian Kent
2008-02-28 7:23 ` Andrew Morton
2008-02-28 8:00 ` Ian Kent
2008-02-28 17:13 ` Jeff Moyer [this message]
2008-02-28 19:51 ` Serge E. Hallyn
2008-02-29 3:32 ` Ian Kent
2008-02-29 16:09 ` Serge E. Hallyn
2008-02-29 16:20 ` Pavel Emelyanov
2008-02-29 17:42 ` Serge E. Hallyn
2008-03-02 0:49 ` Eric W. Biederman
2008-03-02 1:13 ` Eric W. Biederman
2008-03-03 15:28 ` Serge E. Hallyn
2008-03-04 22:16 ` Eric W. Biederman
2008-02-28 7:51 ` Pavel Emelyanov
2008-02-28 7:59 ` Andrew Morton
2008-02-28 8:06 ` Ian Kent
2008-02-28 12:31 ` [autofs] " Fabio Olive Leite
2008-02-28 20:33 ` Eric W. Biederman
2008-02-26 3:23 ` [PATCH 4/4] autofs4 - add miscelaneous device for ioctls Ian Kent
2008-02-28 5:17 ` Andrew Morton
2008-02-28 6:18 ` Ian Kent
2008-03-13 7:00 ` [RFC] " Ian Kent
2008-03-14 2:45 ` Ian Kent
2008-03-14 12:45 ` Thomas Graf
2008-03-14 14:10 ` Ian Kent
2008-02-29 16:24 ` Ian Kent
2008-04-11 7:02 ` Ian Kent
2008-04-12 4:03 ` Andrew Morton
2008-04-14 4:45 ` Ian Kent
2008-02-26 4:29 ` [PATCH 2/4] autofs4 - add mount option to display mount device Ian Kent
2008-02-28 5:17 ` Andrew Morton
2008-02-28 4:40 ` [PATCH 0/4] autofs4 - autofs needs a miscelaneous device for ioctls Andrew Morton
2008-02-28 6:07 ` Ian Kent
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=x494pbtxaup.fsf@segfault.boston.devel.redhat.com \
--to=jmoyer@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=autofs@linux.kernel.org \
--cc=ebiederm@xmission.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=raven@themaw.net \
--cc=xemul@openvz.org \
--subject='Re: [PATCH 3/4] autofs4 - track uid and gid of last mount requestor' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).