Summary: | mount.cifs - non-root cannot mount samba shares from fstab due to bad SUID check | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Cornelius Weig <bitte.keine.werbung.einwerfen> |
Component: | New packages | Assignee: | Gentoo's SAMBA Team <samba> |
Status: | RESOLVED UPSTREAM | ||
Severity: | minor | CC: | denisgolovan, disinbox, ryan, tom, xyzzy |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | x86 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Cornelius Weig
2007-07-23 21:51:19 UTC
Reproduced w/ sys-apps/util-linux-2.12r-r7. Removing the symlink won't fix anything, you'll get <snip> mount: wrong fs type, bad option, bad superblock on /my_share, missing codepage or other error In some cases useful info is found in syslog - try dmesg | tail or so </snip> instead. mount shouldn't be stupid and shouldn't check SUID on symlink but on the real thing, IMO. that is a samba error, not a util-linux one if you ran `mount.cifs` by hand you'd see the same problem i looked into this once before quite a long time ago and recall samba doing this on purpose by design ... Well, removing the symlink in /sbin did fix it for me. But I agree the SUID check should be performed on the real thing and not on the link. Maybe the upstream people should look into this. *** Bug 192379 has been marked as a duplicate of this bug. *** *** Bug 194799 has been marked as a duplicate of this bug. *** *** Bug 210235 has been marked as a duplicate of this bug. *** *** Bug 210235 has been marked as a duplicate of this bug. *** I was going to reply in bug 210235 but it seems you want my rant here, even though this bug seems to be about running 'mount' and using fstab, when my issue is exactly the one in the Bug 210235, i.e., running mount.cifs by hand. Yes, I was bitten by the removal of suid root from mount.cifs. Making the file suid root *fixed* it for me, and I can again mount shares by hand. I never do it via fstab, since I don't want anyone to use my (or root's) credentials in the fileservers, and the mount point is in my home directory. btw. I checked and I do have /sbin/mount.cifs -> /usr/bin/mount.cifs symlink here, but no /sbin/umount.cifs symlink. net-fs/mount-cifs-3.0.28 I simply want to stress that making the binaries suid root does fix the problem in Bug 210235. I'm not sure it will fix the problem in this bug, since I don't use fstab for it. And like already pointed out in the other bug, stat() will check the permissions on the linked-to file, not the symlink. At least according to documentation. Cross posting this from bug 210235 (apologies for the duplication), although I do believe it's a separate issue. From the man page for mount.cifs(8): The mount.cifs utility attaches the UNC name (exported network resource) to the local directory mount-point. It is possible to set the mode for mount.cifs to setuid root to allow non-root users to mount shares to directories for which they have write permission. So regardless of any actual bugs affecting the issue, I believe the wording here implies that the choice of whether to mark the binary setuid is up to the local system admin, and therefore should not be setuid by default. My preferred solution would be a USE flag, 'suid' perhaps, so that Portage knows about the changed mode; a note in the ebuild that the mode needs to be manually changed to enable mounting by non-root users would also be acceptable. As in comment #8, I'd like to emphasize that setting the binary setuid *does* work for me as advertised by the documentation. (In reply to comment #9) > Cross posting this from bug 210235 (apologies for the duplication), although I > do believe it's a separate issue. > As in comment #8, I'd like to emphasize that setting the binary setuid *does* > work for me as advertised by the documentation. Same stroy for me - without manually gining suid to /usr/bin/mount.cifs user-mount doesnot work. P.S. Samba v3.0.33, mount-cifs v3.0.28 BTW, what's the problem of giving suid use-flag like guys for ntfs3g did? Please use net-fs/cifs-utils instead. It has available the setuid USE flag |