[Freeipa-users] Mount cifs share using kerberos

Jakub Hrozek jhrozek at redhat.com
Sun Jan 11 15:33:23 UTC 2015


On Sun, Jan 11, 2015 at 11:00:16AM +0100, John Obaterspok wrote:
> 2015-01-10 13:32 GMT+01:00 Gianluca Cecchi <gianluca.cecchi at gmail.com>:
> 
> > To get the whole root environment you have to run
> > su - root
> > did you try with it?
> >
> 
> ahh... that works fine Gianluca!
> 
> Final question, if I have a file on the share like:
>      [john@ipaserver mountpoint]$ ll test.txt
>      -rwxr-----. 1 root admins 12 11 jan 10.42 test.txt
> 
> Should I be able to access it if I acquire an admin ticket? Currently I get
> Permission denied
> 
> [john@ipaserver mountpoint]$ id
> uid=1434400004(john) gid=1434400004(john) grupper=1434400004(john)
> context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> 
> [john@ipaserver mountpoint]$ getfacl test.txt
> # file: test.txt
> # owner: root
> # group: admins
> user::rwx
> group::r--
> other::---
> 
> [john@ipaserver mountpoint]$ id admin
> uid=1434400000(admin) gid=1434400000(admins) groups=1434400000(admins)
> 
> [john@ipaserver mountpoint]$ klist
> Ticket cache: KEYRING:persistent:1434400004:krb_ccache_MVjxTqf
> Default principal: admin@MY.LAN
> 
> Valid starting       Expires              Service principal
> 2015-01-11 10:43:52  2015-01-12 10:43:50  krbtgt/MY.LAN@MY.LAN
> 
> [john@ipaserver mountpoint]$ cat test.txt
> cat: test.txt: Permission denied

Looks like your account needs to be in the 'admins' group in order to
access the file.

Acquiring the admin ticket doesn't switch the user ID nor add you to the
group.
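
The decision described in the reply above, as an added example that is not part of the original thread: a simplified model of the owner/group/other mode-bit check, fed with the IDs and file mode from the quoted output. It assumes root is uid 0 and ignores capabilities and extended ACL entries; `Creds`, `permission_class` and `may_access` are hypothetical names.

```python
from dataclasses import dataclass, replace

R, W, X = 4, 2, 1  # permission bits inside one rwx triplet


@dataclass(frozen=True)
class Creds:
    """Process credentials. The Kerberos principal is stored only to show
    that nothing in the mode-bit check ever reads it."""
    uid: int
    gid: int
    groups: frozenset
    krb_principal: str = ""


def permission_class(creds, st_uid, st_gid):
    """Pick the single triplet that applies: first match wins."""
    if creds.uid == st_uid:
        return "owner"
    if creds.gid == st_gid or st_gid in creds.groups:
        return "group"
    return "other"


def may_access(creds, st_uid, st_gid, mode, want):
    """True if every bit in `want` is granted by the applicable triplet."""
    shift = {"owner": 6, "group": 3, "other": 0}[permission_class(creds, st_uid, st_gid)]
    granted = (mode >> shift) & 0o7
    return granted & want == want


# Values from the quoted output; uid 0 for "root" is an assumption.
ADMINS_GID = 1434400000
FILE = dict(st_uid=0, st_gid=ADMINS_GID, mode=0o740)  # -rwxr-----

# john after kinit admin: the ticket changes, uid and groups do not.
JOHN = Creds(uid=1434400004, gid=1434400004,
             groups=frozenset({1434400004}),
             krb_principal="admin@MY.LAN")

# Constructed case: john added to the 'admins' group and logged in again.
JOHN_IN_ADMINS = replace(JOHN, groups=JOHN.groups | {ADMINS_GID})

if __name__ == "__main__":
    for label, c in (("john + admin ticket", JOHN),
                     ("john in admins", JOHN_IN_ADMINS)):
        print(label, permission_class(c, FILE["st_uid"], FILE["st_gid"]),
              "read" if may_access(c, want=R, **FILE) else "denied")
```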



