| Summary: | net-fs/mount-cifs should have USE flags for setuid and for defining CIFS_ALLOW_USR_SUID | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Tanktalus |
| Component: | [OLD] Unspecified | Assignee: | Gentoo's SAMBA Team <samba> |
| Status: | RESOLVED WONTFIX | | |
| Severity: | normal | CC: | cruzki123, denisgolovan, jer, jesse, klaas.decanniere, nbowler, xyzzy |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
| Attachments: | Ugly fix to allow non-root mounting of CIFS shares when mount.cifs is SETUID root. | | |
Description
Tanktalus
2008-07-21 23:15:43 UTC
Created attachment 177010
Ugly fix to allow non-root mounting of CIFS shares when mount.cifs is SETUID root.

As of net-fs/mount-cifs-3.0.30, manually setting SUID on the resulting binary in /usr/bin does not make mounting with an UID!=0 work; check http://forums.gentoo.org/viewtopic-p-5355191.html#5355191 for details.

I tried to track down the problem, and it seems that mount.cifs improperly checks for permissions when called from a non-root account. Sadly, I do not have the time to investigate this to an extent that would enable me to provide a definite fix, but I managed to get it to work for me.

The attached patch details the approach I took - it's ugly, but it enables the functionality I need. I don't know if there's an impact on security, but I'd not be very surprised if there was, so please beware.
>
> I tried to track down the problem, and it seems that mount.cifs improperly
> checks for permissions when called from a non-root account. Sadly, I do not
> have the time to investigate this to an extent that would enable me to provide
> a definite fix, but I managed to get it to work for me.
> The attached patch details the approach I took - it's ugly, but it enables the
> functionality I need. I don't know if there's an impact on security, but I'd
> not be very surprised if there was, so please beware.
I haven't yet tried the patch, but I can mount a cifs filesystem as a normal user using the "suid,users" option.
However, I can't actually access the files below the mount point.
Permission is denied whatever I do.
Is reverting to a previous or later version a viable option?
The situation:
- the normal user owns the mount point, and the correct user name and group ID etc. are specified in fstab
- mount, umount and mount.cifs are setuid root
- the fstab entry is something like:
//host/share /home/me/share \
cifs \
noauto,ro,username=remoteuser,uid=me,gid=mygroup,domain=WORKGROUP,suid,users 0 0
Before and after the mount, ls -l shows that I own the mount point.
After mounting, permissions are drwxr-xr-x, which seems ok but does not allow me access.
I also can't change that because the file system is ro. Mounting as rw still does not allow me to change it - I only get permission denied.
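An added example, not part of the bug report or of any Gentoo or Samba code: a small audit of fstab text that lists cifs entries unprivileged users may mount and computes whether suid, dev and exec end up allowed. It assumes the left-to-right rule documented in mount(8), where `user`/`users` imply `nosuid,nodev,noexec` unless a later option overrides them, so in an option string like the one quoted above, `suid` placed before `users` is overridden. The function names are hypothetical, and it does not model what mount.cifs itself does with the option string.

```python
# Added example, not from the bug report. Function names are hypothetical.
# Models only the left-to-right option rule documented in mount(8).
FLAGS = ("suid", "dev", "exec")
# Options that let a non-root user mount, with the restrictions each implies.
USER_OPTS = {
    "user": ("nosuid", "nodev", "noexec"),
    "users": ("nosuid", "nodev", "noexec"),
    "owner": ("nosuid", "nodev"),
    "group": ("nosuid", "nodev"),
}

def effective_flags(options):
    """Return (user_mountable, {flag: allowed}) for an fstab option string."""
    state = dict.fromkeys(FLAGS, True)  # nothing restricted until an option says so
    user_mountable = False
    for opt in (o.strip() for o in options.split(",")):
        if opt in USER_OPTS:
            user_mountable = True
        # A user-mount option expands to its implied restrictions; later
        # options in the string override earlier ones.
        for item in USER_OPTS.get(opt, (opt,)):
            negated = item.startswith("no")
            name = item[2:] if negated else item
            if name in FLAGS:
                state[name] = not negated
    return user_mountable, state

def audit_fstab(text):
    """List cifs entries that unprivileged users may mount."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#") or fields[2] != "cifs":
            continue
        user_ok, state = effective_flags(fields[3])
        if user_ok:
            findings.append({"mountpoint": fields[1], **state})
    return findings

# Constructed sample: the first entry is the one quoted in the comment above,
# written on one line; the other two are made up for contrast.
SAMPLE = """\
//host/share /home/me/share cifs noauto,ro,username=remoteuser,uid=me,gid=mygroup,domain=WORKGROUP,suid,users 0 0
//host/tools /mnt/tools cifs noauto,users,suid,exec 0 0
//host/backup /mnt/backup cifs ro,credentials=/etc/cifs.cred 0 0
"""

if __name__ == "__main__":
    print(audit_fstab(SAMPLE))
```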
> I haven't yet tried the patch, but I can mount a cifs filesystem as a normal
> user using the "suid,users" option.
That is net-fs/mount-cifs-3.0.30 on amd64, kernel 2.6.27-gentoo-r7, SMP, to be complete.
A use flag to install mount.cifs / umount.cifs setuid would be very useful. I currently have to manually chmod them every time the package is upgraded, and I'm usually reminded to do this by the complaints of my users: "damnit, you broke mount.cifs again!"

For those interested: I added a patch for the latest samba to make suid work again. It also enables any mounts the user wishes to have instead of just those listed in /etc/fstab. It is here - http://bugs.gentoo.org/show_bug.cgi?id=315445

dropped