Here's an update.
Two things have occurred recently....
If you check this bug at https://bugzilla.redhat.com/show_bug.cgi?id=517195
you'll note that it now says 'Fixed In Version: samba-3.0.33-3.23.el5'.
This is great news.
I have now implemented a different (and I think more appropriate) solution using the pam_mount module.
I'd never seen this pam module before, and when I read what it does I couldn't believe my eyes - it mounts volumes when a user starts a session and unmounts them when their session ends!
Whilst an RPM wasn't available for Red Hat 4, I found some extra packages for CentOS 4 here: http://centos.karan.org/el4/extras/stable/
which install and run just fine on RHEL4. (Remember to get both the 32-bit and 64-bit RPMs if you're running a 64-bit system, as some 32-bit apps like Exceed onDemand need the 32-bit pam_mount.so.)
For those who are interested, here is my /etc/security/pam_mount.conf:
lsof /usr/sbin/lsof %(MNTPT)
fsck /sbin/fsck -p %(FSCKTARGET)
losetup /sbin/losetup -p0 "%(before=\"-e \" CIPHER)" "%(before=\"-k \" KEYBITS)" %(FSCKLOOP) %(VOLUME)
unlosetup /sbin/losetup -d %(FSCKLOOP)
cifsmount /bin/mount -t cifs //%(SERVER)/%(VOLUME) %(MNTPT) -o "username=%(USER)%(before=\",\" OPTIONS)"
smbmount /bin/mount -t smbfs //%(SERVER)/%(VOLUME) %(MNTPT) -o "username=%(USER)%(before=\",\" OPTIONS)"
ncpmount /bin/mount -t ncpfs %(SERVER)/%(USER) %(MNTPT) -o "pass-fd=0,volume=%(VOLUME)%(before=\",\" OPTIONS)"
umount /bin/umount %(MNTPT)
lclmount /bin/mount -p0 %(VOLUME) %(MNTPT) "%(before=\"-o \" OPTIONS)"
cryptmount /bin/mount -t crypt "%(before=\"-o \" OPTIONS)" %(VOLUME) %(MNTPT)
nfsmount /bin/mount %(SERVER):%(VOLUME) "%(MNTPT)%(before=\"-o \" OPTIONS)"
mntagain /bin/mount --bind %(PREVMNTPT) %(MNTPT)
mntcheck /bin/mount # For BSD's (don't have /etc/mtab)
pmvarrun /usr/sbin/pmvarrun -u %(USER) -d -o %(OPERATION)
volume * cifs server1 data /winmounts/&/data uid=&,gid=users,dirmode=0700,filemode=0700 - -
volume * cifs server2 home /winmounts/&/home uid=&,gid=users,dirmode=0700,filemode=0700 - -
- The 'mkmountpoint 1' line means that the mount points get created automatically
- On the 'volume' line '&' gets replaced with the current user
- uid=& makes the current user the owner for all files and directories
- Setting filemode and dirmode 0700 means that only the owner ends up with permission to it, which stops user B accessing a share that user A has mounted.
And to make it all work, here is my /etc/pam.d/sshd:
auth required pam_stack.so service=system-auth
auth required pam_mount.so use_first_pass
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_loginuid.so
session optional pam_mount.so
So it's not exactly what we set out to fix, but it works better.
And that's it for the year from me - I'm off to Malaga for Christmas now!!!
Merry Christmas everybody, and Happy New Year.
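
An added example, not part of the original post: a small Python audit of the 'volume' lines in a legacy-format pam_mount.conf, checking the three properties the notes above rely on to keep user B out of user A's share (per-user mount point, uid=&, owner-only dirmode/filemode). The field order (user, fstype, server, volume, mount point, options, then two key fields) is assumed from the lines shown in the post; the function names and the 'server3' line are constructed for illustration.

```python
# Constructed sample: the two volume lines from the post plus one deliberately weak line.
SAMPLE_CONF = """\
volume * cifs server1 data /winmounts/&/data uid=&,gid=users,dirmode=0700,filemode=0700 - -
volume * cifs server2 home /winmounts/&/home uid=&,gid=users,dirmode=0700,filemode=0700 - -
volume * cifs server3 scratch /winmounts/scratch gid=users,dirmode=0755 - -
"""

# Option names as spelled in the post, with the underscore spellings accepted as aliases.
MODE_KEYS = {"dirmode": "dir_mode", "filemode": "file_mode"}


def parse_volumes(text):
    """Yield (line number, field dict) for each one-line 'volume' entry."""
    keys = ("user", "fstype", "server", "volume", "mntpt", "options")
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split("#", 1)[0].split()  # drop trailing comments
        if len(parts) >= 7 and parts[0] == "volume":
            yield n, dict(zip(keys, parts[1:7]))


def audit(text):
    """Return (line number, message) findings for cifs/smbfs volumes."""
    findings = []
    for n, v in parse_volumes(text):
        if v["fstype"] not in ("cifs", "smbfs"):
            continue
        # "-" means no options; otherwise a comma-separated key=value list.
        opts = dict(o.partition("=")[::2]
                    for o in v["options"].split(",") if o != "-")
        if v["user"] == "*" and "&" not in v["mntpt"]:
            findings.append((n, "mount point is shared by all users (no '&')"))
        if opts.get("uid") != "&":
            findings.append((n, "uid is not '&', so files are not owned by the session user"))
        for key, alias in MODE_KEYS.items():
            mode = opts.get(key) or opts.get(alias)
            if mode is None:
                findings.append((n, f"{key} is not set"))
            elif int(mode, 8) & 0o077:  # any group/other permission bit
                findings.append((n, f"{key}={mode} grants group/other access"))
    return findings


if __name__ == "__main__":
    for lineno, message in audit(SAMPLE_CONF):
        print(f"line {lineno}: {message}")
```

Run it against a copy of /etc/security/pam_mount.conf by passing the file's contents to audit(); an empty result means every Windows share mount is per-user and owner-only.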