[Techtalk] samba mounting by user
johnc+linuxchix at kirriwa.net
Wed Dec 10 12:14:50 EST 2003
On Tue, Dec 09, 2003 at 01:52:06PM +0100, Chantal Rosmuller wrote:
> smbmnt must be installed suid root for direct user mounts (500,500)
Only root can mount filesystems. 'mount' is setuid root, which means
that the program is allowed to obtain root privileges while it's
running, giving a normal user (temporarily) enough privilege to mount
filesystems. smb filesystems aren't mounted by 'mount' but by
'smbmnt', so if it isn't setuid root, normal users won't be able to
mount smb filesystems.
> I thougth adding the word user in the /etc/fstab options would be
That's sufficient for non-smb filesystems because 'mount' is setuid
> Does anyone know what I forgot?
It's easy, just change the permissions of 'smbmnt' to be setuid root.
You also need to do the same to 'smbumount' to allow users to unmount
their smb filesystems.
I'm assuming that your samba binaries are installed in /usr/bin. If
you've installed samba from source rather than as a package from your
distribution, they may be somewhere else, e.g. /usr/local/bin. They
should be in your $PATH so you can use 'which smbmnt' to find them.
You probably have:
[johnc at dropbear ~]$ ls -l /usr/bin/smbmnt /usr/bin/smbumount
-rwxr-xr-x 1 root root 535752 Apr 6 2003 /usr/bin/smbmnt
-rwxr-xr-x 1 root root 534690 Apr 6 2003 /usr/bin/smbumount
As root, do:
[root at dropbear ~]# chmod u+s /usr/bin/smbmnt /usr/bin/smbumount
which will change it to:
[root at dropbear ~]# ls -l /usr/bin/smbmnt /usr/bin/smbumount
-rwsr-xr-x 1 root root 535752 Apr 6 2003 /usr/bin/smbmnt
-rwsr-xr-x 1 root root 534690 Apr 6 2003 /usr/bin/smbumount
The first 'x' in the permissions is now an 's'. This means set uid to
the owner when the program is executed, i.e. root. You can also have
an 's' in the group permissions, which means set group id on program
However, once you've enabled suid, users can mount and umount *any* smb
filesystem on any directory that they own and have write permission
to. They're not restricted to what's in /etc/fstab.
whois !JC774-AU at whois.aunic.net
GPG key id: 0xD59C360F
More information about the Techtalk