Fusesmb [was: Community Meeting updates]
Jeff Wishnie
jeff at inveneo.org
Sat Jul 19 19:17:49 UTC 2008
I've played with the fusesmb hack and it has several issues.
The biggest being that it doesn't take care of the most common need
for SMB network browsing:
- They typically poorly administered Windows file sharing network
In this scenario, various Windows servers and desktops share
individual folders with different sets of credentials. That is, they
are _not_ centrally maintained in ActiveDirectory.
As a result, users generally have to know different uname/password
pairs per share.
E.g.
- to access the 'accounting' share you enter 'accounting/some-passwd'
- to access the 'engineering' share, you enter 'engineer/some-other-
passwd'
The fusesmb restriction that all connections to SMB servers are made
as the currently-loged-in user with a password saved in a clear-text
file means you can _only_ access shares explicitly set-up to be
readable by that user. Which, in my experience, is rarely how Windows
networks are set-up.
The Fusesmb solution just doesn't really help much for practical
applications.
That said, I _really_ need a good solution to SMB file-share browsing/
mounting for XFCE.
I was thinking an interesting approach might be to use a couple
cooperating processes and D-Bus much the way NetworkManager works.
The idea in brief:
- Implement a headless (no UI) SMB mounting daemon to listen for SMB
mount requests over D-Bus
- Implement a GTK based UI daemon to gather credentials for the
mounting daemon when needed
I'm not exactly sure how to get browsing to work (probably some VFS
extension or Thunar Plug-in), but here is how a simple scenario of
mounting a known location could work:
Imagine a Desktop Icon that runs a small utility to message the SMB
mounting daemon to mount a share. Something like:
"mountsmb //aserver/ashare"
2. User dbl-clicks icon
3. command sends d-bus message to mounting daemon
4. Mounting daemon attempts to mount share to standard location (e.g. /
media/network/<share name>)
5. If no-passwd mount fails (likely), mounting daemon sends a 'mount
failed' d-bus
6. GTK app listening for mount-failed requests, receives message, and
display dialog to gather uname/pwd for the share
7. GTK app sends a mount message back to dbus, now containing uname/pwd
8. Mounting daemon receives new mount request w/credentials and
successfully mounts share
9. Mounting daemon sends dbus 'mount success' message
10. GTK app receives 'mount success' message and opens Thunar viewer
displaying /media/network/<share name>
I think with the functionality available in the Samba libraries this
would be fairly easy to implement, and to extend to do nice things
like store credentials in the gnome-keyring for repeat mounts.
The main advantages I see of this approach:
1. it keeps Thunar from having to know anything about network
filesystems (one of their design goals)
2. It supports users connecting to shares with arbitrary sets of
credentials
3. All credentials can be stored in gnome-keyring, rather than out in
the public
4. pretty straight forward implementation
What I'm not clear on is how to integrate with either VFS or Thunar
via plugin-API to create a special 'network' folder that would display
the results of an SMB Browse (to show all net-local servers) and then
kick off a mount when a share is selected.
Any thoughts on this approach?
- Jeff
------------------------
CTO, Inveneo Inc.
web: http://www.inveneo.org
phone: +1-415-901-1969 x 1270
mobile: +1-415-377-3715
email: jeff at inveneo.org
aim/yahoo/msn/gtalk/skype: jwishnie
On Jul 15, 2008, at 2:09 AM, Chris Francy wrote:
> On Mon, Jul 14, 2008 at 8:59 AM, Vincent <mailinglists at vinnl.nl>
> wrote:
>> For those who don't know, a quick overview can be read at [1], the
>> meetin log can be read at [2].
>> [1] https://wiki.ubuntu.com/Xubuntu/Meetings/Archive/Minutes/2008-07-12
>> [2] https://wiki.ubuntu.com/MeetingLogs/Xubuntu_2008-07-12
>
>> [16:11] <cody-somerville> Who has tried that fusesmb hack?
>> [16:13] <cody-somerville> Might we could do is have fusesmb mount
>> on login configured with their credentials, etc. etc.
>> [16:12] <cody-somerville> j1mc, although I couldn't write to share
>> but I dunno if that was fusesmb or how the share's configuration
>
> I have used the fusesmb for network browsing.
>
> Installing by default worries me a bit. With fusesmb you have to
> store the unencrypted smb passwords in a text file for it to work.
>
> On the system where I use fusesmb I have dm-crypt setup for all my
> filesystems. So having my passwords unencrypted in the filesystem
> isn't as big of an issue since the entire partition is encrypted. I
> don't think most people use whole-disk encryption though. So it seems
> like users should be warned/reminded about the possibility that anyone
> with a livecd could steal there authentication credentials.
>
> --
> xubuntu-devel mailing list
> xubuntu-devel at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/xubuntu-devel
More information about the xubuntu-devel
mailing list