Fwd: Re: [plug] mounting home directories

Marc Wiriadisastra marc-w at smlintl.com.au
Wed Aug 11 16:12:32 WST 2004 

The quickest test I did was unmount everything then change my userid 
using usermod it works that way.

It also works mount -t cifs althouhg fmask doesn't exist its called 
file_mode and dmask is dir_mode.


Thanks heaps for the help I didn't think I needed to match userid.

Marc

Craig Ringer wrote:

> James Devenish wrote:
>
>> Note that the files are *not* intrinsically owned by 'marc-w'. Rather,
>> they are owned by 508. The name 'marc-w' is just a facade (sorry!)
>> because names are nicer to work with. Thus, both your server and your
>> laptop need to agree that 508 is 'marc-w' and that 'marc-w' is 508 (i.e.
>> they have to agree on those TWO facts), OR you need to allow them to
>> disagree by having Samba map between 508 and 500. This is what UNIX
>> administrators expect. I'm not quite sure of the relationship between
>> this and Windows. Either Windows is doing some mapping on your behalf
>> (which would be worrisome to most UNIX admins), or perhaps it isn't
>> really working.
>
>
> My understanding is that Windows is quite a bit smarter about this. 
> It'll require you to authenticate as the user /at some point/. Always. 
> This is often done as part of a domain login - your user identify is 
> validated by the domain controller when you log in to your 
> workstation. If you're a wandering user who hasn't joined the domain, 
> you'll be required to authenticate by the server before being given 
> access to resources - hence showing that you at least hold the 
> credentials the legitimate user must hold.
>
> If you're familiar with kerberos, then you'll already have a general 
> grasp of how it works. In fact, with win2k is _is_ based on Kerberos, 
> and with Win2k3 is can actually comply with the Kerberos standard they 
> mangled for Win2k.
>
> Windows domains also have a shared, global group of user identities. 
> Each identity has a GUID (Globally Unique IDentifier) in the domain, 
> so there are no problems with conflicts. Anyway, as the domain is part 
> of the user identity - DOMAIN1\trina is a different user to 
> DOMAIN2\trina - that's not all that big a deal. This is a bit like 
> having UNIX systems that identify users as username at DOMAIN (where 
> DOMAIN is the kerberos domain).
>
> So overall, the Windows way is much, much, much less scary than the 
> NFS "Well, the user ID's match. Hope it's not co-incidence; let'em 
> in." NFS made sense when computers were immense and expensive and the 
> sysadmin was a scary, scary person. These days it's totally stupid.
>
> I look forward to NFSv4 with Kerberos. I'll be playing with it here 
> when I get time, and I'll let you folks know how I go.
>
> -- 
> Craig Ringer
>
> _______________________________________________
> PLUG discussion list: plug at plug.linux.org.au
> http://mail.plug.linux.org.au/cgi-bin/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.au
>

More information about the plug mailing list