 |
README - susmb - fork from usmb 20130204: mount SMB/CIFS shares via FUSE |
 |
git clone git://git.codemadness.org/susmb |
 |
Log |
|
Files |
|
Refs |
|
README |
|
LICENSE |
|
--- |
|
README (4479B) |
|
--- |
|
1 susmb - Unprivileged mounting of SMB/CIFS shares via FUSE |
|
2 ========================================================= |
|
3 |
|
4 Introduction |
|
5 ------------ |
|
6 |
|
7 susmb lets you mount SMB/CIFS shares via FUSE, in the vein of the Map Ne… |
|
8 Drive functionality in Windows. |
|
9 |
|
10 The two existing FUSE filesystems that I know of (SMB for FUSE and fuses… |
|
11 mimic Windows' Network Neighbourhood by letting you browse hosts and sha… |
|
12 This means that you must run a NetBIOS name server and can't see hosts t… |
|
13 aren't advertised via NetBIOS. |
|
14 |
|
15 You can build [u]mount.cifs in the Samba distribution and install them |
|
16 setuid root, but that has its own set of security implications. In any |
|
17 case there's no need for network filesystem code to be in the kernel: |
|
18 bugs could lead to remotely exploitable kernel vulnerabilities. Running |
|
19 the SMB client code in user space as an unprivileged user limits the |
|
20 potential damage due to bugs. |
|
21 |
|
22 A user space implementation will be slower than a kernel filesystem since |
|
23 the data must be copied in and out of the fuse process' context as well … |
|
24 in/out of the user process' context. Mitigating factors are: |
|
25 |
|
26 1. Increased security. |
|
27 2. Containment of bugs. |
|
28 3. Throughput is more likely to be limited by network bandwidth rather t… |
|
29 local memory copying. |
|
30 4. The client filesystem code can be upgraded/fixed without kernel chang… |
|
31 |
|
32 |
|
33 Dependencies |
|
34 ------------ |
|
35 |
|
36 - FUSE 2.6 or later (and probably <3). |
|
37 - libsmbclient 4.20+ (part of Samba) - www.samba.org (samba 3.3+ require… |
|
38 |
|
39 |
|
40 Installation |
|
41 ------------ |
|
42 |
|
43 make |
|
44 make install # Maybe as root, depending on your installation prefix. |
|
45 |
|
46 |
|
47 Configuration and usage |
|
48 ----------------------- |
|
49 |
|
50 See the man page. |
|
51 |
|
52 |
|
53 Acknowledgements |
|
54 ---------------- |
|
55 |
|
56 Geoff Johnstone, the main author of the original usmb program. |
|
57 |
|
58 Jonathan Schultz (Email <firstname> at imatix.com) provided a patch |
|
59 to fix the display of file modification times. |
|
60 |
|
61 Stijn Hoop (Email <firstname> at sandcat.nl) provided a patch to fix |
|
62 a compilation problem on 64-bit platforms. |
|
63 |
|
64 Nigel Smith (Email me at <firstname>.<surname>.name) contributed the |
|
65 port to Samba 3.2. |
|
66 |
|
67 Michal Suchanek (Email hramrach at centrum dot cz) contributed the |
|
68 Debian packaging and the initial implementation of ~-expansion. |
|
69 |
|
70 |
|
71 Changes |
|
72 ------- |
|
73 |
|
74 This is a fork of usmb 20130204 |
|
75 http://repo.or.cz/w/usmb.git/snapshot/aa94e132c12faf1a00f547ea4a96b57286… |
|
76 (git commit aa94e132c12faf1a00f547ea4a96b5728612dea6) |
|
77 |
|
78 It has the patches applied from OpenBSD ports 7.6: |
|
79 https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/sysutils/usmb/ |
|
80 |
|
81 It is mainly tested on OpenBSD (Linux has a SMB/CIFS driver anyway). |
|
82 |
|
83 Below is a summary of the most important changes: |
|
84 |
|
85 Performance: |
|
86 |
|
87 - Set struct stat st.st_blksiz to a higher number for more efficient buf… |
|
88 for programs using the standard FILE* stdio interfaces. Huge improveme… |
|
89 reads and writes. |
|
90 On OpenBSD the default block size for FUSE is 512 bytes. |
|
91 This cripples network performance. |
|
92 On OpenBSD there is no FUSE caching layer, so each read call had more … |
|
93 - Remove the hardcoded FUSE mount option max_read=N. |
|
94 This cripples network performance. |
|
95 |
|
96 |
|
97 Security: |
|
98 |
|
99 - Many code simplifications and deletions (attack surface and easier to … |
|
100 - Use unveil(2) syscall to lock down much of the filesystem except the |
|
101 mountpoint and required FUSE devices. |
|
102 - Optional priviledge dropping support: on OpenBSD FUSE would need to ru… |
|
103 (sysctl kern.usermount was removed around July 2016, around |
|
104 commit 65c8a8a0394483b41de8f02c862e65fb529cf538). |
|
105 After mounting the filesystem and acquiring access to the FUSE driver |
|
106 priviledges are dropped. This is not perfect, but at least now the Sam… |
|
107 code runs as a user again. |
|
108 - Remove support for reading the password from the terminal. This can be |
|
109 insecure and caused issues when running as a daemon and the network cr… |
|
110 changed. |
|
111 |
|
112 |
|
113 Cleanups: |
|
114 |
|
115 - Merge everything into one C file for easier code review. |
|
116 - Remove Samba < 3.3 compatibility layer and code. This is hard to test |
|
117 nowadays anyway. |
|
118 - Use getopt for option parsing: remove dependences on glib which was us… |
|
119 option parsing only. |
|
120 Remove long option support. |
|
121 - Remove libxml2 dependency and configuration via XML. Configuration is … |
|
122 done via a simpler syntax as a URI from the command-line. This was also |
|
123 listed in the man page under the BUGS section as a wanted feature. |
|
124 - Remove autoconf and Debian-specific packaging files. Use a simple Make… |
|
125 - Man page rewritten from roff to mandoc. |
