[Techtalk] samba mounting by user

John Clarke johnc+linuxchix at kirriwa.net
Wed Dec 10 12:14:50 EST 2003


On Tue, Dec 09, 2003 at 01:52:06PM +0100, Chantal Rosmuller wrote:

> smbmnt must be installed suid root for direct user mounts (500,500)

Only root can mount filesystems.  'mount' is setuid root, which means
that the program is allowed to obtain root privileges while it's
running, giving a normal user (temporarily) enough privilege to mount
filesystems.  smb filesystems aren't mounted by 'mount' but by
'smbmnt', so if it isn't setuid root, normal users won't be able to
mount smb filesystems.

> I thought adding the word user in the /etc/fstab options would be
> enough?

That's sufficient for non-smb filesystems because 'mount' is setuid
root.

> Does anyone know what I forgot?

It's easy, just change the permissions of 'smbmnt' to be setuid root. 
You also need to do the same to 'smbumount' to allow users to unmount
their smb filesystems.

I'm assuming that your samba binaries are installed in /usr/bin.  If
you've installed samba from source rather than as a package from your
distribution, they may be somewhere else, e.g. /usr/local/bin.  They
should be in your $PATH so you can use 'which smbmnt' to find them.

You probably have:

    [johnc@dropbear ~]$ ls -l /usr/bin/smbmnt /usr/bin/smbumount
    -rwxr-xr-x    1 root     root       535752 Apr  6  2003 /usr/bin/smbmnt
    -rwxr-xr-x    1 root     root       534690 Apr  6  2003 /usr/bin/smbumount

As root, do:

    [root@dropbear ~]# chmod u+s /usr/bin/smbmnt /usr/bin/smbumount

which will change it to:

    [root@dropbear ~]# ls -l /usr/bin/smbmnt /usr/bin/smbumount
    -rwsr-xr-x    1 root     root       535752 Apr  6  2003 /usr/bin/smbmnt
    -rwsr-xr-x    1 root     root       534690 Apr  6  2003 /usr/bin/smbumount

The first 'x' in the permissions is now an 's'.  This means set uid to
the owner when the program is executed, i.e. root.  You can also have
an 's' in the group permissions, which means set group id on program
execution.

However, once you've enabled suid, users can mount and umount *any* smb
filesystem on any directory that they own and have write permission
to.  They're not restricted to what's in /etc/fstab.


Cheers,

John
-- 
whois !JC774-AU at whois.aunic.net
GPG key id: 0xD59C360F
http://kirriwa.net/john/
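
Added example, not part of the original post: a small shell audit for checking which of the two helpers discussed above currently carry the setuid bit and who owns them, so the change (and the wider access it grants) stays visible. The function names and the SMB_HELPER_DIR variable are made up for this example; the default directory /usr/bin is the one assumed in the post.

```shell
#!/bin/sh
# Added example: report the setuid/setgid state of the smb mount helpers.

# suid_state FILE
# Prints one of: missing, setuid-root, setuid-other, setgid, plain
suid_state() {
    f=$1
    [ -e "$f" ] || { echo missing; return 0; }
    # Numeric owner uid is the third field of 'ls -ln' output.
    owner=$(ls -ldn -- "$f" | awk '{print $3}')
    if [ -u "$f" ]; then
        # Setuid only grants root privileges when root owns the file.
        if [ "$owner" = 0 ]; then echo setuid-root; else echo setuid-other; fi
    elif [ -g "$f" ]; then
        echo setgid
    else
        echo plain
    fi
}

# audit_helpers DIR
# Prints one "state path" line each for smbmnt and smbumount in DIR.
audit_helpers() {
    dir=$1
    for name in smbmnt smbumount; do
        printf '%s %s\n' "$(suid_state "$dir/$name")" "$dir/$name"
    done
}

# list_setuid DIR
# Lists every regular file under DIR that has the setuid bit (mode 4000) set,
# useful for comparing against a known-good baseline after the chmod.
list_setuid() {
    find "$1" -type f -perm -4000 | sort
}

# Stand-alone run: audit the directory assumed in the post unless overridden.
audit_helpers "${SMB_HELPER_DIR:-/usr/bin}"
```

A "setuid-root" line for smbmnt corresponds to the '-rwsr-xr-x' listing shown in the post; "plain" corresponds to '-rwxr-xr-x'.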

