GNU bug report logs - #37569
Mount does not honor 'user' option.
Report forwarded to bug-guix <at> gnu.org: bug#37569; Package guix. (Tue, 01 Oct 2019 13:43:02 GMT)
Acknowledgement sent to Diego Nicola Barbato <dnbarbato <at> posteo.de>: New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Tue, 01 Oct 2019 13:43:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:
Hey Guix,

I have added the following to `file-systems' in my operating-system
config:

--8<---------------cut here---------------start------------->8---
(file-system
  (device "127.0.0.1")
  (mount-point "/home/diego/inf")
  (type "9p")
  (options "noextend,trans=tcp,dfltuid=1000,dfltgid=998,port=9001,user,nofail")
  (mount? #f))
--8<---------------cut here---------------end--------------->8---

It works almost as expected except that when I try to mount the file
system as a regular user (which is what the option 'user' is supposed to
allow) I get:

  $ LC_ALL=C mount inf
  mount: /home/diego/inf: must be superuser to use mount.

The command succeeds if I run it as root.

The following steps reproduce the issue without using a 9p file system:

  1. Prepare a file system on a loopback device:

     $ dd if=/dev/zero of=foo.img bs=1024 count=524288
     $ udisksctl loop-setup --file foo.img
     Mapped file foo.img as /dev/loop0.
     $ sudo mkfs.ext4 -L foofs /dev/loop0

  2. Add the following line to /etc/fstab replacing <name> with something
     more appropriate:

     LABEL=foofs /home/<name>/foofs ext4 defaults,user

  3. Try to mount the filesystem as an unprivileged user (This should work
     and does work on e.g. Debian 10):

     $ mkdir foofs
     $ LC_ALL=C mount foofs
     mount: /home/<name>/foofs: must be superuser to use mount.

  4. Try it with sudo to confirm that everything else works as expected:

     $ sudo mount foofs
     $ ls foofs
     lost+found/

Regards,

Diego

Information forwarded to bug-guix <at> gnu.org: bug#37569; Package guix. (Tue, 01 Oct 2019 19:28:01 GMT)

Message #8 received at 37569 <at> debbugs.gnu.org:
Hmm, how is that solved with other distributions? Is "mount" suid root there?

Information forwarded to bug-guix <at> gnu.org: bug#37569; Package guix. (Tue, 01 Oct 2019 21:44:01 GMT)

Message #11 received at 37569 <at> debbugs.gnu.org:
Hello Danny,

Danny Milosavljevic <dannym <at> scratchpost.org> writes:

> Hmm, how is that solved with other distributions? Is "mount" suid root there?

Indeed, in Debian both mount and umount are suid root:

  $ stat -c "%a %U:%G %n" /bin/*mount
  4755 root:root /bin/fusermount
  4755 root:root /bin/mount
  4755 root:root /bin/umount

Thanks,

Diego

Information forwarded to bug-guix <at> gnu.org: bug#37569; Package guix. (Fri, 04 Oct 2019 07:00:02 GMT)

Message #14 received at 37569 <at> debbugs.gnu.org:
Diego Nicola Barbato <dnbarbato <at> posteo.de> writes:
> Hello Danny,
>
> Danny Milosavljevic <dannym <at> scratchpost.org> writes:
>
>> Hmm, how is that solved with other distributions? Is "mount" suid root there?
>
> Indeed, in Debian both mount and umount are suid root:
>
> $ stat -c "%a %U:%G %n" /bin/*mount
> 4755 root:root /bin/fusermount
> 4755 root:root /bin/mount
> 4755 root:root /bin/umount

I've tried adding "mount" and "umount" to `setuid-programs' in my
operating-system config:

--8<---------------cut here---------------start------------->8---
(setuid-programs (cons*
                  #~(string-append #$util-linux "/bin/mount")
                  #~(string-append #$util-linux "/bin/umount")
                  %setuid-programs))
--8<---------------cut here---------------end--------------->8---

Mounting as an unprivileged user now works as expected (even the fancy
9p stuff). Is there any rationale for not adding "mount" and "umount"
to `%setuid-programs' by default?

Thanks,

Diego

Reply sent to Ludovic Courtès <ludo <at> gnu.org>: You have taken responsibility. (Sun, 06 Oct 2019 12:47:02 GMT)
Notification sent to Diego Nicola Barbato <dnbarbato <at> posteo.de>: bug acknowledged by developer. (Sun, 06 Oct 2019 12:47:02 GMT)

Message #19 received at 37569-done <at> debbugs.gnu.org:
Hi,

Diego Nicola Barbato <dnbarbato <at> posteo.de> writes:

> I've tried adding "mount" and "umount" to `setuid-programs' in my
> operating-system config:
>
> (setuid-programs (cons*
>                   #~(string-append #$util-linux "/bin/mount")
>                   #~(string-append #$util-linux "/bin/umount")
>                   %setuid-programs))
>
> Mounting as an unprivileged user now works as expected (even the fancy
> 9p stuff).

Cool!

> Is there any rationale for not adding "mount" and "umount" to
> `%setuid-programs' by default?

No, especially since they perform the right checks and error out with
“only root can do that” when needed.

I added them in commit 19944227528502e3619a6d1557bc735224f6fef6.

Thanks!

Ludo’.
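
Added example, not part of the original thread or of Guix: once mount is setuid root as in the fix above, the user, users, owner and group options in /etc/fstab decide which file systems unprivileged users may mount, and mount(8) documents that they imply nosuid and nodev (user and users also noexec) unless a later option overrides that. This shell script lists such entries and what each still allows; the sample fstab, its paths and the function names are constructed for illustration, and only explicit suid/dev/exec overrides are modelled.

```shell
#!/bin/sh
# Added example (not from the bug thread): list fstab entries that a
# setuid-root mount(8) lets unprivileged users mount, and what each allows.

# Constructed sample; the first entry has the shape used in the report.
sample_fstab() {
    cat <<'EOF'
# device      mount point        type     options
LABEL=foofs   /home/alice/foofs  ext4     defaults,user
/dev/sdb1     /media/usb         vfat     users,exec,suid   0 0
/dev/sr0      /media/cdrom       iso9660  ro,owner,noauto   0 0
UUID=0000     /                  ext4     defaults          0 1
EOF
}

# Reads fstab on stdin; prints "mountpoint<TAB>grant<TAB>allows: ...".
# Options are applied left to right, as mount(8) describes: user/users imply
# nosuid,nodev,noexec and owner/group imply nosuid,nodev, until overridden.
user_mountable_entries() {
    awk '
    /^[ \t]*#/ || NF < 4 { next }
    {
        grant = ""; nosuid = 0; nodev = 0; noexec = 0
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            o = opt[i]
            if (o == "user" || o == "users") {
                grant = o; nosuid = 1; nodev = 1; noexec = 1
            } else if (o == "owner" || o == "group") {
                grant = o; nosuid = 1; nodev = 1
            } else if (o == "suid" || o == "nosuid") {
                nosuid = (o == "nosuid")
            } else if (o == "dev" || o == "nodev") {
                nodev = (o == "nodev")
            } else if (o == "exec" || o == "noexec") {
                noexec = (o == "noexec")
            }
        }
        if (grant == "") next
        weak = ""
        if (!nosuid) weak = weak " suid"
        if (!nodev)  weak = weak " dev"
        if (!noexec) weak = weak " exec"
        if (weak == "") weak = " none"
        printf "%s\t%s\tallows:%s\n", $2, grant, weak
    }'
}

# Demo on the constructed sample; real use: user_mountable_entries < /etc/fstab
sample_fstab | user_mountable_entries
```

An entry reported with "allows: suid" or "allows: dev" is the one to review first, since it re-enables what the user option would otherwise switch off.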

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Mon, 04 Nov 2019 12:24:06 GMT)
This bug report was last modified 4 years and 166 days ago.