smbfs entry in fstab for users...
Urban Widmark
urban at svenskatest.se
Thu Sep 28 08:54:14 GMT 2000
On Wed, 27 Sep 2000, Michael Hieb wrote:
> and here is what happens if any user but root or the owner of
> /local/image tries to mount
> [hieb at lnxwp1 hieb]$ mount /local/image
> [hieb at lnxwp1 hieb]$ cannot mount on /local/image: Operation not permitted
> smbmnt failed: 1
> mount.smbfs: ioctl failed, res=-1
> Could not umount /local/image: Device or resource busy
[smbmount blocking itself in the error handling ...]
> and the directry in question...
> [hieb at lnxwp1 hieb]$ ls -lda /local/image
> drwxrwxrwx 2 nobody users 1024 Sep 16 1999 /local/image
> [hieb at lnxwp1 hieb]$ ls -la /local/image
> total 2
> drwxrwxrwx 2 nobody users 1024 Sep 16 1999 .
> drwxrwxrwx 10 root root 1024 Sep 22 17:56 ..
> [hieb at lnxwp1 hieb]$
>
>
> If this is in the manual, I apologize in advance, I've looked and not
> found anything. If you know please advise, it would make things very
> convenient.
It is in the man page for smbmnt:
"It checks whether the user has write permissions on the mount
point and then mounts the directory."
Which is perhaps not the whole truth, it also checks ownership. "write
permissions" suggests that it is an access check.
smbmnt must be setuid for this to work. smbmnt is a mount program and must
do some authorization checks since it "bypasses" what the normal mount
command does. mount_ok in source/client/smbmnt.c is responsible for this.
It contains this snippet:
if ((getuid() != 0) &&
((getuid() != st.st_uid) ||
((st.st_mode & S_IRWXU) != S_IRWXU))) {
/* disallow mount */
}
/* allow mount */
A simple and bad hack would be to remove that check.
(Allows anyone to mount a smbfs share anywhere in the fs, like
replace /usr/bin)
A better hack might be to allow someone with the proper group access
(users in this case) to mount.
(Allows anyone to mount a smbfs share anywhere in the fs where they
have user or group write access)
A good hack might be to do the same checks in smbmnt that mount normally
does (whatever that is ... disallow all non-root mounts unless in fstab
with user option? or perhaps add a list of allowed dirs to smb.conf).
Another option might be to get autofs to do the mounting, possibly using
different autofs maps (with different uid or gid parameters) depending on
who is requesting the mounting. I don't know how to do that in a nice
way but I think it is possible.
/Urban
More information about the samba
mailing list