You are not logged in.

#1 2024-11-27 17:20:04

xerxes_
Member
Registered: 2018-04-29
Posts: 820

[Solved] How to use idmapped mounts (from terminal)?

I was trying to mount idmap mount, but I had wrong syntax error in command and I can't figure out why. Command output said to look in: "mount --help", but there was nothing useful. I also read manual for mount, search in internet and I thought I understand it, but it looks like I'm not.
These were commands I tried:

mount X-mount.idmap=b:0:1000:1000 /lost+found/ iso/
mount -o X-mount.idmap=b:0:1000:1000 /lost+found/ iso/
mount X-mount.idmap=b:1000:0:1 /root/ iso/
mount X-mount.idmap=b:1000:0:1 1000:0:1 /root/ iso/
mount X-mount.idmap=b:1000:0:1 1000:0:2 /root/ iso/
mount X-mount.idmap=b:1000:0:1
mount X-mount.idmap=/proc/628/ns/user
mount -o X-mount.idmap=/proc/628/ns/user
mount --map-users /proc/628/ns/user

So, how correct syntax?

And if I understand the purpose of idmapped mounts - it works like bind mount but with ability to change permissions for user(s), group(s) or both? Or am I wrong?

Last edited by xerxes_ (2024-11-28 21:36:35)

Offline

#2 2024-11-28 07:43:19

seth
Member
Registered: 2012-09-03
Posts: 60,372

Re: [Solved] How to use idmapped mounts (from terminal)?

Any reason you're not using "--map-groups, --map-users inner:_outer_:_count_"?

Offline

#3 2024-11-28 17:23:06

xerxes_
Member
Registered: 2018-04-29
Posts: 820

Re: [Solved] How to use idmapped mounts (from terminal)?

I don't know how:

# LC_ALL=C mount --map-users 0:1000:1 /lost+found/ iso/
mount: /home/user/iso: fsconfig system call failed: /lost+found: Can't lookup blockdev.
       dmesg(1) may have more information after failed mount system call.
# LC_ALL=C mount --map-users b:0:1000:1 /lost+found/ iso/
mount: iso/: failed to parse mount options 'rw,X-mount.idmap="u:b:0:1000:1"'.

But dmesg or journalctl didn't registered that operation.
'iso/' is just empty directory in my home directory.

Offline

#4 2024-11-28 18:31:00

seth
Member
Registered: 2012-09-03
Posts: 60,372

Re: [Solved] How to use idmapped mounts (from terminal)?

Try "--bind"
Try

LC_ALL=C mount --bind --map-users 0:1000:1 /lost+found/ iso/

Offline

#5 2024-11-28 19:11:16

xerxes_
Member
Registered: 2018-04-29
Posts: 820

Re: [Solved] How to use idmapped mounts (from terminal)?

# LC_ALL=C mount --bind --map-users 0:1000:1 /lost+found/ iso/
mount: /home/user/iso: mount failed: Unknown error 5013.

Offline

#6 2024-11-28 19:24:46

seth
Member
Registered: 2012-09-03
Posts: 60,372

Re: [Solved] How to use idmapped mounts (from terminal)?

https://github.com/cockpit-project/cockpit/issues/21201

Have your tried this w/ a non-bind mount (ie. mount an actual device - in doubt a filesystem image)?

Alternatively:
https://aur.archlinux.org/packages/bindfs
https://bindfs.org/docs/bindfs.1.html

Offline

#7 2024-11-28 19:53:50

xerxes_
Member
Registered: 2018-04-29
Posts: 820

Re: [Solved] How to use idmapped mounts (from terminal)?

Thanks, that's what worked and what I was looking for:

mount -o bind,X-mount.idmap=b:0:1000:1 /root/ iso/
mount -o ro,bind,X-mount.idmap=0:1000:1 /root/ iso/

When mounted, 'mount' command,  'cat /proc/mounts ', 'cat /etc/mtab' or 'cat /proc/self/mounts' returned also that line:

/dev/sda2 on /home/user/iso type ext4 (rw,relatime,idmapped)

or

/dev/sda2 /home/user/iso ext4 rw,relatime,idmapped 0 0

Last edited by xerxes_ (2024-11-29 12:58:33)

Offline

#8 2024-11-28 20:02:48

seth
Member
Registered: 2012-09-03
Posts: 60,372

Re: [Solved] How to use idmapped mounts (from terminal)?

That maps GID and UID but otherwise should™ be equivalent - seems you cannot mix --bind and --map-* and have to use the -o syntax.

Please always remember to mark resolved threads by editing your initial posts subject - so others will know that there's no task left, but maybe a solution to find.
Thanks.

Did you follow some wiki to arrive here that needs a notice?

Offline

#9 2024-11-28 21:19:17

xerxes_
Member
Registered: 2018-04-29
Posts: 820

Re: [Solved] How to use idmapped mounts (from terminal)?

Just to clarify: trying to map only UID (u) or only GID (g) didn't worked and returned earlier '5013 unknown mount' error. I had to use both (b) or omit it, at least in that case.

seth wrote:

Did you follow some wiki to arrive here that needs a notice?

Short answer: no.

Longer:
I didn't followed any arch wiki because I didn't found it there. I searched in arch wiki "mount", but it redirected me to "File systems". This link which you posted in #6 guided me to solution (I don't know how you found it, because I didn't had it in search results):
https://github.com/cockpit-project/cockpit/issues/21201

After I found solution I search in arch wiki "idmap" and it returned mostly idmap in some configuration files, so not what I was looking for:
https://wiki.archlinux.org/title/SSHFS
https://wiki.archlinux.org/title/Active … ntegration
https://wiki.archlinux.org/title/Samba/ … controller
https://wiki.archlinux.org/title/Systemd-nspawn

Last edited by xerxes_ (2024-11-29 12:59:51)

Offline

#10 2024-11-28 22:17:30

seth
Member
Registered: 2012-09-03
Posts: 60,372

Re: [Solved] How to use idmapped mounts (from terminal)?

I didn't mean so much a wiki about the idmap mounts specifically but the idmap being part of a bigger task.

Offline

#11 2024-11-29 13:10:06

xerxes_
Member
Registered: 2018-04-29
Posts: 820

Re: [Solved] How to use idmapped mounts (from terminal)?

I was just looking for areas or features or things that Linux has over Windows and mount has some of that features.

I find out that Windows don't have ability to mount partition in read only mode without changing any bit/byte (it has to write a byte to mark partition as read only). With Linux it is simply '-o ro' or '-r' option in mount. For forensics task in Windows they have to use special devices blocking writes on disk/partition.

Also Windows don't have bind mount (or I don't know about it) and idmap mount.

Idmap mount is something I was wanted to try and see how it works. I don't know for what to use it yet.

Last edited by xerxes_ (2024-11-29 13:13:11)

Offline

Board footer

Powered by FluxBB