#1 2009-05-25 13:30:08

Aktau
Member
From: Antwerp, Belgium / BCN, Spain
Registered: 2009-04-04
Posts: 19
Website

[SOLVED] Apparently, I don't understand mount

Hey there!

I'm having some problems with automounting and other things, so I started working on fixing that, but first I at least want to get a few things sorted out.

For example, when I want to mount a CD-ROM, what I currently do is this:

1) start thunar in _root_ mode, if I don't do it in root it complains with a HAL error that it can't do it
2) click the CD icon in left pane
3) do my stuff (usually start smplayer ;) )

To unmount, I just type "sudo umount /media/dvd"

Now, I was going to check on this HAL issue, but then a friend of mine alerted me to the fact that I shouldn't even be using sudo to mount.
I was curious as to why, it seems logical to need root privileges for something like that.

But then he told me about executable permissions, my mount had "-rwxr-xr-x", his had "-rwsr-xr-x". He told me about the "s" flag and how it makes the system think that you're root when you execute it without sudo, even if you're not. So I changed the permissions on my /bin/mount. It still wouldn't work, it told me I needed to be root to mount. Then I changed the group of the executable to "storage" instead of "root". Still no dice (even though my user is a member of storage).

I'd like to get this minor niggle fixed first before I try to even contemplate tackling the horrible mess that is udev/hal (I don't understand anything about it).

Thanks in advance!

Last edited by Aktau (2009-05-25 16:03:49)

Offline

#2 2009-05-25 13:53:18

Berticus
Member
Registered: 2008-06-11
Posts: 731

Re: [SOLVED] Apparently, I don't understand mount

I believe you need to be in the storage group for you to have permission. I always just included removable media in my fstab

# 
# /etc/fstab: static file system information
#
# <file system>        <dir>         <type>    <options>          <dump> <pass>
none                   /dev/pts      devpts    defaults            0      0
none                   /dev/shm      tmpfs     defaults            0      0

#/dev/cdrom             /media/cd   auto    ro,user,noauto,unhide   0      0
#/dev/dvd               /media/dvd  auto    ro,user,noauto,unhide   0      0
#/dev/fd0               /media/fl   auto    user,noauto             0      0

/dev/mapper/home /home jfs defaults 0 1
/dev/mapper/root / ext4 defaults 0 1
/dev/mapper/vg1-common /common xfs user 0 1
tmpfs /tmp tmpfs rw,mode=1777,size=1G,nodev,nosuid 0 0
UUID=379e1e47-6124-44a2-bc26-7a41e7df561e /boot ext2 defaults,noauto 0 1
#UUID=bf46dfa7-93ad-43f1-86d4-4c30435ed1d7 swap swap defaults 0 0
/dev/mapper/swap swap swap defaults 0 0
#/dev/sdb1 /mnt/widows ntfs-3g defaults 0 0

# mount points for removable media
/dev/cdrom0 /media/cd0 auto,iso9660 ro,user,noauto,unhide 0 0
/dev/cdrom1 /media/cd1 auto,iso9660 ro,user,noauto,unhide 0 0
/dev/dvd0 /media/dvd0 auto,iso9660 ro,user,noauto,unhide 0 0
/dev/dvd1 /media/dvd1 auto,iso9660 ro,user,noauto,unhide 0 0
/dev/sdd1 /media/usb0 auto,vfat,ext2,ntfs-3g rw,user,noauto 0 0
/dev/sde1 /media/usb1 auto,vfat,ext2,ntfs-3g rw,user,noauto 0 0
/dev/sdf1 /media/usb2 auto,vfat,ext2,ntfs-3g rw,user,noauto 0 0
/dev/sdg1 /media/usb3 auto,vfat,ext2,ntfs-3g rw,user,noauto 0 0

Then if I want to mount a usb drive, I type:

$ mount /media/usb0

Or something like that, depends on what I want mounted. On the family computer, I didn't mess with fstab. Like you, they're using thunar, and I think all I did was add everyone to storage group.

Offline

#3 2009-05-25 13:53:21

Mr.Elendig
#archlinux@freenode channel op
From: The intertubes
Registered: 2004-11-07
Posts: 4,092

Re: [SOLVED] Apparently, I don't understand mount


Evil #archlinux@libera.chat channel op and general support dude.
. files on github, Screenshots, Random pics and the rest

Offline

#4 2009-05-25 14:14:40

Aktau
Member
From: Antwerp, Belgium / BCN, Spain
Registered: 2009-04-04
Posts: 19
Website

Re: [SOLVED] Apparently, I don't understand mount

Thanks for your replies!

@Berticus:
Yep, I know about the "old" fstab approach (although I've never actually done so myself), if I can get nothing to work, I will most certainly try this! (it might even be the easiest way to automount?).
Another thing I wanna add is that my user is most definitely part of the "storage" group, which is why I also talked about setting /bin/mount's group to "storage". Apparently, this isn't the issue.

@MrElendig:
That wiki page is super helpful, it gives the exact error that I receive with Thunar. I'm pretty confident it could be solved if I follow the instructions.

However, I'm afraid I won't have learned anything then. Do you perhaps know why my mount just will not work without sudo? Even though I have the "s" flag in user and the "x" flag in group and user? I'd really like to understand the fundamental issue here.

Once again, thanks for your swift and helpful replies, it's much appreciated.

Offline

#5 2009-05-25 14:38:34

dmartins
Member
Registered: 2006-09-23
Posts: 360

Re: [SOLVED] Apparently, I don't understand mount

From what I understand, mount should always have the setuid bit set and it seems to on an Arch install by default.
As you've found, setting this bit doesn't mean mount will let any user mount whatever they want.
Here is what I imagine happens when you run mount /dev/dvd /mnt/dvd. (This is probably not accurate and is definitely simplified)

1. Is the user root? If yes, go to step 5
2. Does the requested command match a line in /etc/fstab? If no, go to step 6
3. According to the matching line in fstab, is a regular user allowed to mount the device? If no, go to step 6
4. Elevate the mount command to be running as root (This is where the setuid bit comes in).
5. Mount the device
6. Exit

Offline

#6 2009-05-25 14:56:51

Aktau
Member
From: Antwerp, Belgium / BCN, Spain
Registered: 2009-04-04
Posts: 19
Website

Re: [SOLVED] Apparently, I don't understand mount

dmartins wrote:

From what I understand, mount should always have the setuid bit set and it seems to on an Arch install by default.
As you've found, setting this bit doesn't mean mount will let any user mount whatever they want.
Here is what I imagine happens when you run mount /dev/dvd /mnt/dvd. (This is probably not accurate and is definitely simplified)

1. Is the user root? If yes, go to step 5
2. Does the requested command match a line in /etc/fstab? If no, go to step 6
3. According to the matching line in fstab, is a regular user allowed to mount the device? If no, go to step 6
4. Elevate the mount command to be running as root (This is where the setuid bit comes in).
5. Mount the device
6. Exit

Wow, so if I'm getting this right, the program can actually choose to ignore the setuid bit? What I thought the setuid bit was, was make "me" appear as "root" whenever I executed a command with the setuid bit (on the user, if the user execute flag says "s"). This is something different from what various internet pages have told me, or I totally misunderstood them.

Basically, the setuid bit is totally unreliable then, because a program will most likely ignore it and just run as your real user, and not as the owner of the file?

Looking at this wikipedia example: http://en.wikipedia.org/wiki/Setuid (scroll down)

Would you say that perhaps mount is using getgid() instead of geteuid()? Has this always been its behaviour?

Thanks in advance!

Offline

#7 2009-05-25 15:00:04

Mr.Elendig
#archlinux@freenode channel op
From: The intertubes
Registered: 2004-11-07
Posts: 4,092

Re: [SOLVED] Apparently, I don't understand mount

Aktau wrote:

Thanks for your replies!
Do you perhaps know why my mount just will not work without sudo? Even though I have the "s" flag in user and the "x" flag in group and user? I'd really like to understand the fundamental issue here.

Once again, thanks for your swift and helpful replies, it's much appreciated.

You can only use mount and umount on a mount point, as a user, if it's in fstab with the 'user' or 'users' option. This is a security feature to prevent users from doing nasty things.


Offline

#8 2009-05-25 15:20:53

Aktau
Member
From: Antwerp, Belgium / BCN, Spain
Registered: 2009-04-04
Posts: 19
Website

Re: [SOLVED] Apparently, I don't understand mount

Mr.Elendig wrote:
Aktau wrote:

Thanks for your replies!
Do you perhaps know why my mount just will not work without sudo? Even though I have the "s" flag in user and the "x" flag in group and user? I'd really like to understand the fundamental issue here.

Once again, thanks for your swift and helpful replies, it's much appreciated.

You can only use mount and umount on a mount point, as a user, if it's in fstab with the 'user' or 'users' option. This is a security feature to prevent users from doing nasty things.

Hmmm, it makes sense from a security point of view.

I've also been digging around in the mount source code, some of the strange things I've encountered while using it that are in the source:

LINE: 918 in mount.c

    switch (mnt_err) {
    case EPERM:
        if (geteuid() == 0) {
            if (stat (node, &statbuf) || !S_ISDIR(statbuf.st_mode))
                error (_("mount: mount point %s is not a directory"), node);
            else
                error (_("mount: permission denied"));
        } else {
            error (_("mount: must be superuser to use mount"));
        }
        break;

I've gotten the "mount: must be superuser to use mount" error at least once. This is really strange, as now it's checking on effective uid, which should be root for me

LINE: 1616 in mount.c

    if (getuid () != geteuid ()) {
        suid = 1;
        if (types || options || readwrite || nomtab || mount_all ||
            fake || mounttype || (argc + specseen) != 1)
            die (EX_USAGE, _("mount: only root can do that"));
    }

Look at those conditions, that's just damn weird. These are both single occurrences btw, so I know I've made it that far in the code path :D

Last edited by Aktau (2009-05-25 15:22:31)

Offline
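
Added example (not part of the thread and not code from mount itself): a simplified C model of the decision discussed in posts #5, #7 and #8, where a setuid-root mount still consults the caller's real uid and the fstab 'user'/'users' option. The names may_mount, has_opt, SAMPLE_FSTAB and the verdict values are hypothetical, and the fstab text is a constructed sample.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed sample in fstab format, modelled on the entries quoted above. */
static const char *SAMPLE_FSTAB =
    "/dev/mapper/root / ext4 defaults 0 1\n"
    "/dev/dvd0 /media/dvd0 iso9660 ro,user,noauto,unhide 0 0\n"
    "/dev/sdd1 /media/usb0 vfat rw,users,noauto 0 0\n";

enum verdict { ALLOW_ROOT, ALLOW_FSTAB, DENY_EXTRA_ARGS, DENY_NOT_USER };

/* 1 if the comma-separated list opts contains exactly the option name. */
static int has_opt(const char *opts, const char *name) {
    size_t n = strlen(name);
    while (*opts) {
        size_t len = strcspn(opts, ",");
        if (len == n && strncmp(opts, name, n) == 0) return 1;
        opts += len;
        if (*opts == ',') opts++;
    }
    return 0;
}

/* Hypothetical policy: may the caller with real uid ruid run "mount <target>"?
   extra_args is nonzero when -t, -o etc. were given ("only root can do that"). */
enum verdict may_mount(const char *fstab, unsigned ruid, const char *target, int extra_args) {
    char line[256], dev[64], dir[64], type[32], opts[128];
    if (ruid == 0) return ALLOW_ROOT;        /* real root is not restricted */
    if (extra_args) return DENY_EXTRA_ARGS;  /* setuid caller, custom options */
    for (const char *p = fstab; *p; ) {
        size_t len = strcspn(p, "\n");
        snprintf(line, sizeof line, "%.*s", (int)len, p);
        p += len;
        if (*p == '\n') p++;
        if (line[0] == '#') continue;        /* comment line */
        if (sscanf(line, "%63s %63s %31s %127s", dev, dir, type, opts) != 4) continue;
        if (strcmp(target, dev) != 0 && strcmp(target, dir) != 0) continue;
        return (has_opt(opts, "user") || has_opt(opts, "users")) ? ALLOW_FSTAB : DENY_NOT_USER;
    }
    return DENY_NOT_USER;                    /* no fstab entry at all */
}

int main(void) {
    unsigned ruid = (unsigned)getuid();      /* real uid; euid would be 0 under setuid root */
    printf("/media/dvd0 -> %d\n", may_mount(SAMPLE_FSTAB, ruid, "/media/dvd0", 0));
    printf("/ -> %d\n", may_mount(SAMPLE_FSTAB, ruid, "/", 0));
    return 0;
}
```

The real mount has further cases (for example other fstab options) that this model leaves out; it only shows why the setuid bit alone does not let a regular user mount an arbitrary device.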

#9 2009-05-25 15:41:24

dmartins
Member
Registered: 2006-09-23
Posts: 360

Re: [SOLVED] Apparently, I don't understand mount

I was going to try and piece together an explanation for you, but now I think you understand it's not as cut and dry as the setuid bit making the program run with the privileges of its owner. :)

These PDFs (linked from the bottom of the Wikipedia article on setuid) look like they go deep into the aspects of programming an application designed to use the setuid bit and the security concerns involved.
http://www.cs.berkeley.edu/~daw/papers/ … enix02.pdf
http://www.eecs.berkeley.edu/~daw/paper … gin08b.pdf

I hope this helps you on your journey to enlightenment! ;)

Offline

#10 2009-05-25 16:03:29

Aktau
Member
From: Antwerp, Belgium / BCN, Spain
Registered: 2009-04-04
Posts: 19
Website

Re: [SOLVED] Apparently, I don't understand mount

Those are some wonderful documents, they explain perfectly what my misunderstanding has been, and much more! Thanks dmartins.

I will now try to implement MrElendig's HAL suggestion, and mark this thread resolved (if I can).

Thanks to everyone

Offline
