• Jeff Layton's avatar
    cifs: tighten up default file_mode/dir_mode · f55ed1a8
    Jeff Layton authored
    The current default file mode is 02767 and dir mode is 0777. This is
    extremely "loose". Given that CIFS is a single-user protocol, these
    permissions allow anyone to use the mount -- in effect, giving anyone on
    the machine access to the credentials used to mount the share.
    
    Change this by making the default permissions restrict write access to
    the default owner of the mount. Give read and execute permissions to
    everyone else. These are the same permissions that VFAT mounts get by
    default so there is some precedent here.
    
    Note that this patch also removes the mandatory locking flags from the
    default file_mode. After having looked at how these flags are used by
    the kernel, I don't think that keeping them as the default offers any
    real benefit. That flag combination makes it so that the kernel enforces
    mandatory locking.
    
    Since the server is going to do that for us anyway, I don't think we
    want the client to enforce this by default on applications that just
    want advisory locks. Anyone that does want this behavior can always
    enable it by setting the file_mode appropriately.
    Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
    Signed-off-by: default avatarSteve French <sfrench@us.ibm.com>
    f55ed1a8
connect.c 81.7 KB