You are not logged in.

#1 2011-02-09 17:25:41

speaktorob
Member
Registered: 2011-02-09
Posts: 4

mount: only root can do that... can't get fstab entry working?

Hi all,

I want to mount a windows network drive on my archlinux box, but as a user called "backup". They are the sole user in the group "backup".

Here is the result of cat /etc/fstab:

devpts                 /dev/pts      devpts    defaults            0      0
shm                    /dev/shm      tmpfs     nodev,nosuid        0      0
<ip removed for security>     /mnt/<drive name>      cifs      user,uid=1002,gid=1002,rw,sync   0    0

#/dev/cdrom             /media/cd   auto    ro,user,noauto,unhide   0      0
#/dev/dvd               /media/dvd  auto    ro,user,noauto,unhide   0      0
#/dev/fd0               /media/fl   auto    user,noauto             0      0

Both the user and group ids are 1002.

Can anyone shed any light on why I am still getting the error message in the subject when I try to mount /mnt/<drive name> -o <connex credentials>?


PS Hello, I'm a newbie! big_smile

Offline

#2 2011-02-09 17:38:56

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: mount: only root can do that... can't get fstab entry working?

Can you mount if you use 'sudo'?

Offline

#3 2011-02-09 17:43:44

fsckd
Forum Fellow
Registered: 2009-06-15
Posts: 4,173

Re: mount: only root can do that... can't get fstab entry working?

Would you believe if I said the answer is in your fstab already? Search man mount for "non-superuser mounts" and read that section. As long as you can mount as root you should be able to mount as user.

Also, by your fstab entry, it looks your system will try to mount that filesystem at boot.


aur S & M :: forum rules :: Community Ethos
Resources for Women, POC, LGBT*, and allies

Offline

#4 2011-02-09 22:58:44

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,230
Website

Re: mount: only root can do that... can't get fstab entry working?

fsckd wrote:

As long as you can mount as root you should be able to mount as user.

Only if the mount binary is suid root, which mount.cifs isn't.

I'm not sure why it isn't suid, but I've come across the issue as well. It may be an Arch packaging issue, or it may be an upstream issue. I haven't looking very far into it.

Last edited by fukawi2 (2011-02-09 23:00:00)

Offline

#5 2011-02-10 10:32:53

speaktorob
Member
Registered: 2011-02-09
Posts: 4

Re: mount: only root can do that... can't get fstab entry working?

> Can you mount if you use 'sudo'?

Probably, but I am mounting in a bash script and I don't want to put the root password in there for security reasons, that's why I'm using a separate user for running the script :-)


> Only if the mount binary is suid root, which mount.cifs isn't.

Mmmkay, does that mean if I set the suid bit on mount.cifs, I should be able to then mount as the user "backup"? After trying that, I get this:

[root@xxxxxxxxx sbin]# chmod u=rws /usr/sbin/mount.cifs
[root@xxxxxxxxx sbin]# su backup
[backup@xxxxxxxxx sbin]$ mount /mnt/emu/
/sbin/mount.cifs: not installed setuid - "user" CIFS mounts not supported.

Also, how serious are the security risks when doing this?

Offline

#6 2011-02-10 10:53:44

speaktorob
Member
Registered: 2011-02-09
Posts: 4

Re: mount: only root can do that... can't get fstab entry working?

Hmm, this tasty old post from April last year sheds some light on the issue.

So it seems that mount.cifs had the suid bit permanently disabled for security reasons. There is a new version available linked from that post, and I'm about to try it to see if it solves the problem... will post back with the results.

Last edited by speaktorob (2011-02-10 10:54:27)

Offline

#7 2011-02-10 12:47:37

speaktorob
Member
Registered: 2011-02-09
Posts: 4

Re: mount: only root can do that... can't get fstab entry working?

Well, I came very close... this is what I did:

1. Downloaded the latest version of cifs_utils from samba.org
2. Ran ./configure and make
3. Set the suid bit on the resulting mount.cifs file, and copied to /sbin and /usr/sbin (backing up the originals first!!)

4. At this point,

mount /mnt/<share>

was still reporting the usual "only root can mount [...]" blah blah, regardless of what I put in the -o flag. However, manually setting the environment variables USER and DOMAIN somehow allowed me to skip past that message, and I was prompted for a "Password:". Not sure why, but setting PASS, PASSWD or PASSWORD did nothing to prevent the prompt. And after typing my password for the network share, voila, I was let in! Hurrah.
5. I couldn't figure out how to enter the password from a bash script without using expect, so that was that. I gave up and am now using root to run the script. :-S


Any comments welcome.

Offline

Board footer

Powered by FluxBB