Gentoo Forums
better way to get non-root to use mount
danboston
n00b

Joined: 17 Nov 2016
Posts: 47

Posted: Fri Feb 17, 2017 11:14 pm    Post subject: better way to get non-root to use mount

So... as my non-root user:
Code:

~$ mount /mnt/cdrom1
mount: must be superuser to use mount
~$ grep cdrom1 /etc/fstab
/dev/sr1         /mnt/cdrom1      auto        noauto,user,ro   0   0
~$

Googling reveals things like http://www.linuxquestions.org/questions/slackware-14/must-be-superuser-to-use-mount-fstab-is-correct-however-144932/ , which say to suid and/or guid on the actual mount and umount executables. Seems a bit kludgy to do it that way, and also it will be undone every time they (mount and umount) get updated in an emerge world. Also, could be a security reduction?

While the above will work, is there a better way to get mount to work for non-root?

khayyam
Watchman

Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Sat Feb 18, 2017 12:04 am

danboston ...

If you're using app-admin/sudo ...

visudo -f /etc/sudoers.d/danboston:
danboston ALL=(ALL) NOPASSWD: /bin/mount, /bin/umount

... obviously adjust the username to reflect that of the account. You would then use 'sudo mount /mnt/cdrom1'.

HTH & best ... khay

Hu
Moderator

Joined: 06 Mar 2007
Posts: 21489

Posted: Sat Feb 18, 2017 1:42 am

I see /bin/mount as suid by default. What is the output of ls -l /bin/mount ; emerge --pretend --verbose sys-apps/util-linux?

krinn
Watchman

Joined: 02 May 2003
Posts: 7470

Posted: Sat Feb 18, 2017 11:22 am

It must be in some FAQ: just add your user to the cdrom group.

roki942
Apprentice

Joined: 18 Apr 2005
Posts: 285
Location: Seattle

Posted: Sat Feb 18, 2017 9:03 pm

https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Finalizing
https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/System#About_fstab

Ant P.
Watchman

Joined: 18 Apr 2009
Posts: 6920

Posted: Sun Feb 19, 2017 10:18 pm

You might have meant to type users in that fstab line, there's a difference.

net-fs/autofs is also a good option if you deal with external/temporary media a lot. It mounts things on demand and unmounts them afterwards, which is useful because CD drives usually lock the eject button while they're mounted.

danboston
n00b

Joined: 17 Nov 2016
Posts: 47

Posted: Thu Mar 16, 2017 12:58 pm

Ant P. wrote:
You might have meant to type users in that fstab line, there's a difference.

users never works for me. Not in any distro over the past ten years. Googled it ages ago and finally had to conclude it is just one of those things that works for everyone but me. Illogical but the fact is it never has worked for me. You could show me your working fstab with a use of "users". I can copy that exact line and it will not work here. Impossible, but that's how it is.

Thanks everyone for the replies. I ended up going the kludge (suid) route.

Kurmis
n00b

Joined: 04 Jun 2010
Posts: 38
Location: LV

Posted: Thu Mar 16, 2017 10:41 pm

What is your device? /dev/cdrom0, /dev/sr0, ...?
Add to fstab (or replace with) a line similar to this one:
Code:
/dev/cdrom0        /media/cdrom   udf,iso9660 user,noauto     0       0

and as root run one of these commands:
Code:
usermod -a -G cdrom danboston
or
usermod -a -G cdrom,cdrw danboston

Reboot.
Now try to mount your cdrom as user.

Goverp
Veteran

Joined: 07 Mar 2007
Posts: 1971

Posted: Fri Mar 17, 2017 8:34 am

danboston wrote:
...
users never works for me.
...

user, not users
_________________
Greybeard

The Doctor
Moderator

Joined: 27 Jul 2010
Posts: 2678

Posted: Fri Mar 17, 2017 8:44 am

Goverp wrote:
danboston wrote:
...
users never works for me.
...

user, not users
Actually both are valid and work slightly differently.

My fstab
Code:
/dev/cdrom      /mnt/cdrom   auto      users,noauto,ro   0 0
From the terminal:
Code:
Tomcat ~% mount /mnt/cdrom
Tomcat ~%  groups
... cdrom users ...
The OP's problem suggests a group problem.
_________________
First things first, but not necessarily in that order.

Apologies if I take a while to respond. I'm currently working on the dematerialization circuit for my blue box.

toralf
Developer

Joined: 01 Feb 2004
Posts: 3920
Location: Hamburg

Posted: Fri Mar 17, 2017 10:10 am

khayyam wrote:
danboston ...

If you're using app-admin/sudo ...

visudo -f /etc/sudoers.d/danboston:
danboston ALL=(ALL) NOPASSWD: /bin/mount, /bin/umount

... obviously adjust the username to reflect that of the account. You would then use 'sudo mount /mnt/cdrom1'.

HTH & best ... khay

Better to create a simple wrapper which calls "mount /dev/cdrom" or so and make that sudo-runnable instead of giving general (u)mount rights to the user, or?
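
The wrapper approach suggested above, as an added example that is not part of any post in this thread: the sudo grant covers only this script, which can run mount or umount on one fixed mount point. The install path /usr/local/sbin/cdmount, the function names and the sudoers rule shown in the comment are assumptions.

```shell
#!/bin/sh
# Added example: hypothetical wrapper, installed root-owned, mode 0755,
# as /usr/local/sbin/cdmount, with a sudoers rule for the wrapper only:
#   danboston ALL=(root) NOPASSWD: /usr/local/sbin/cdmount
# The caller chooses "mount" or "umount"; nothing else reaches mount(8).

MOUNT_POINT=/mnt/cdrom1                # the fstab entry from the thread

# Map the single allowed argument to a fixed command line; reject the rest.
wrapper_command() {
    [ "$#" -eq 1 ] || return 64
    case "$1" in
        mount)  echo "/bin/mount $MOUNT_POINT" ;;
        umount) echo "/bin/umount $MOUNT_POINT" ;;
        *)      return 64 ;;
    esac
}

cdmount_main() {
    PATH=/bin:/usr/bin; export PATH    # do not trust the caller's PATH
    cmd=$(wrapper_command "$@") || {
        echo "usage: cdmount mount|umount" >&2
        return 64
    }
    exec $cmd     # unquoted on purpose: cmd is one of two fixed strings
}

# Run only when invoked under the installed name.
if [ "${0##*/}" = cdmount ]; then
    cdmount_main "$@"
fi
```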

xaviermiller
Bodhisattva

Joined: 23 Jul 2004
Posts: 8706
Location: ~Brussels - Belgique

Posted: Fri Mar 17, 2017 10:30 am

Hi,

What is your environment? Do you have an advanced desktop management that can support user mounts through udisks/polkit/systemd?

I use pmount and uam that work very well with removable devices.
_________________
Kind regards,
Xavier Miller

steveL
Watchman

Joined: 13 Sep 2006
Posts: 5153
Location: The Peanut Gallery

Posted: Fri Mar 17, 2017 9:51 pm

The Doctor wrote:
My fstab
Code:
/dev/cdrom      /mnt/cdrom   auto      users,noauto,ro   0 0
From the terminal:
Code:
Tomcat ~% mount /mnt/cdrom
Tomcat ~%  groups
... cdrom users ...
The OP's problem suggests a group problem.
Does sound like it.
What about plugdev? (Maybe show all your groups.)

Handy debian page on the subject, for anyone curious.

Ah, I see that the suid bit was not set on /sbin/mount, which is incorrect.
(Why are we still rambling about this? ;-)

That's not a "kludge", by any means. It's by design, and how UNIX has operated for over 40 years.
Obviously, an installation, OS vendor (or nowadays, distributor) must be careful about installing suid binaries (one reason why separate mounts can be useful), and sysadmins are supposed to stay on top of security, whatever OS you use.

The Doctor
Moderator

Joined: 27 Jul 2010
Posts: 2678

Posted: Sat Mar 18, 2017 2:01 am

steveL wrote:
The Doctor wrote:
My fstab
Code:
/dev/cdrom      /mnt/cdrom   auto      users,noauto,ro   0 0
From the terminal:
Code:
Tomcat ~% mount /mnt/cdrom
Tomcat ~%  groups
... cdrom users ...
The OP's problem suggests a group problem.
Does sound like it.
What about plugdev? (Maybe show all your groups.)
...
Okay, but it is a bit of a mess. I haven't cleaned up unused groups. My understanding was that plugdev was one such obsolete and used by hal and policykit.
Code:
lp wheel uucp audio cdrom video games kvm users vmware scanner lpadmin plugdev portage <user>

_________________
First things first, but not necessarily in that order.

Apologies if I take a while to respond. I'm currently working on the dematerialization circuit for my blue box.

eccerr0r
Watchman

Joined: 01 Jul 2004
Posts: 9645
Location: almost Mile High in the USA

Posted: Sat Mar 18, 2017 2:54 am

1. Setting suid on your (modern+secure) mount/umount program is fine. If you have USE=suid on util-linux (which is +default) this should be done for you. I'd be worried about using sudo as it resets your uid to euid. If your mount program isn't sudo aware, it could be a security hole.

A modern mount utility checks if your fstab contains the user flag and only allows those entries for regular users. Of course, having root privileges is still needed to actually do the mount. This is not a hack or kludge, this is actually a feature that was added to modern mount for today's usage requirements where users can bring their own beer(disk) which was something that was not typical/allowed in traditional un*x!

Do NOT arbitrarily suid ancient mount/umount binaries or on other un*x - ensure it honors the "user" flag before doing so. On older mounts and non util-linux mount, you would have to use a wrapper and this would be a kludge.

2. ls -l /dev/sr* and look at the group that udev/eudev/mdev/you/... put the device in. Ensure that user is in that group, whatever it is.

The alternative is to ignore all of the above and let consolekit/polkit/systemd and Udisks automatically deal with permissions for you, and you can use "udisksctl mount" as long as you're sitting at console.
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
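
The three checks raised across this thread (a user-mount option in the fstab entry, the set-uid bit on mount, and membership in the group that owns the device), as an added shell example that is not part of any post. The function names and the sample fstab content are constructed for illustration; the owner and group options are further user-mount options documented in mount(8).

```shell
#!/bin/sh
# Added example (not from the thread): triage for
# "mount: must be superuser to use mount". Sample fstab is constructed.

# Print the option (user/users/owner/group) that lets a non-root user
# mount mount point $2 according to fstab file $1; return 1 if none.
fstab_user_option() {
    awk -v mp="$2" '
        /^[ \t]*#/ { next }                  # skip commented-out entries
        $2 == mp {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^(user|users|owner|group)$/) {
                    print opts[i]; found = 1; exit
                }
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Succeed if $1 carries the set-uid bit (what USE=suid installs on mount).
is_setuid() { [ -u "$1" ]; }

# Succeed if the current user belongs to the group owning device $1
# (numeric gids; -L follows symlinks such as /dev/cdrom).
in_device_group() {
    gid=$(ls -lnL -- "$1" | awk '{ print $4 }')
    id -G | tr ' ' '\n' | grep -qx -- "$gid"
}

# Constructed sample: the original poster's entry plus one lacking "user".
sample=$(mktemp)
cat > "$sample" <<'EOF'
/dev/sr1   /mnt/cdrom1   auto   noauto,user,ro   0 0
/dev/sr0   /mnt/cdrom0   auto   noauto,ro        0 0
EOF

fstab_user_option "$sample" /mnt/cdrom1          # prints: user
fstab_user_option "$sample" /mnt/cdrom0 || echo "/mnt/cdrom0: root only"
is_setuid /bin/mount || echo "/bin/mount: not set-uid, non-root mount fails"
if [ -e /dev/sr1 ] && ! in_device_group /dev/sr1; then
    echo "/dev/sr1: current user is not in the owning group"
fi
```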