I have the problem that mounted shared folders (via pam_mount, cifs) are “rw” for every user
of the machine. The detailed setup and description are in the following section.
I am using Linux Mint 17.x (mainly 17.3), with authentication against the LDAP of Nethserver.
We use multiple identical machines, but the users are in different groups on Nethserver.
The home directories of the users are (still) on a different server, and NOT HANDLED via pam_mount.
On Nethserver I created several shared folders, owned by different groups on Nethserver.
In /etc/security/pam_mount.conf.xml there are lines like
<volume user="*" fstype="cifs" server="172.16.253.3" path="data_share1" mountpoint="/mnt/data/share1" />
When a user logs in, all the shares (defined in pam_mount.conf.xml) are mounted (mountpoints created on the fly by pam_mount). That’s OK, but they are mounted without any check of whether the actual user is allowed to access the share (group membership).
I would accept that if there were an “Access denied” on trying to enter the folder, but the user may enter, create, delete, … and that is not acceptable for security reasons.
Any ideas?
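
An added example, not part of the original post: a small audit that lists the volumes in a pam_mount configuration which match every user and carry no user or group restriction, as the `user="*"` line above does. It assumes the `uid`, `gid`, `pgrp` and `sgrp` volume attributes and the nested user-control elements described in pam_mount.conf(5); the second volume and the group name `group2` in the sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the first volume is the line from the post, the second
# is a hypothetical variant limited to a secondary group named "group2".
SAMPLE = """<pam_mount>
  <volume user="*" fstype="cifs" server="172.16.253.3"
          path="data_share1" mountpoint="/mnt/data/share1" />
  <volume user="*" sgrp="group2" fstype="cifs" server="172.16.253.3"
          path="data_share2" mountpoint="/mnt/data/share2" />
</pam_mount>"""

# Volume attributes that narrow which users a volume applies to.
LIMIT_ATTRS = ("uid", "gid", "pgrp", "sgrp")


def unrestricted_volumes(xml_text):
    """Return mountpoints of volumes that apply to every user who logs in."""
    root = ET.fromstring(xml_text)
    findings = []
    for vol in root.iter("volume"):
        # A missing user attribute or user="*" matches any user.
        wildcard = vol.get("user") in (None, "*")
        # Restriction given as an attribute on the volume element.
        attr_limit = any(vol.get(name) for name in LIMIT_ATTRS)
        # Restriction given as nested elements (<and>, <or>, <sgrp>, ...).
        child_limit = len(vol) > 0
        if wildcard and not attr_limit and not child_limit:
            findings.append(vol.get("mountpoint"))
    return findings


def audit_file(path="/etc/security/pam_mount.conf.xml"):
    """Run the same check against the configuration file on a client."""
    with open(path, encoding="utf-8") as handle:
        return unrestricted_volumes(handle.read())


if __name__ == "__main__":
    for mountpoint in unrestricted_volumes(SAMPLE):
        print("mounted for every user:", mountpoint)
```

The check only shows which volumes pam_mount will attempt for every login; what a user can do inside a mounted share is still decided by the permissions on the server side.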